2009/11/18 Jeff Garzik <jgarzik at pobox.com>: > How little social engineering + virus automation does it take to get such an > install to include a malicious 3rd party repo? You need the root password to install from repos not signed by a key previously imported, or if the package signature is wrong. Richard.