Thorsten Leemhuis wrote: > But we have other packages (I had two and still have one) that entered > the repo with SUID binaries that were never reviewed by anyone. Do we > care? Do we trust packagers (¹) enough to decide? We should definitely make sure they get looked-at. Copying bressers, who might be able to help with drafting a plan.