I have pretty good faith in Canonical; these days I trust Red Hat a bit less.
I think Debian tried to do an "only include signed packages" thing but failed because it's a massive undertaking.