by yjftsjthsd-h 1536 days ago
>> Due to the sheer size of the current Debian release it is infeasible for a small team to be able to audit all the packages, so there is a system of prioritizing packages which are more security sensitive.

> This was, at best, poor communication. Of course nobody would ever audit all of 90,000 packages, easily billions of LOC. Especially not when the vast majority of these packages have a very small user base.

How is that any different? It rather sounds like you've restated the same thing and then claimed the author's wrong.

2 comments

I think OP is trying to suggest that you'd only audit the packages you actually use rather than all packages.
The author didn't state that. That's a direct quote from the Debian page, from the "Audit Scope" section.

That statement is entirely reasonable, yet the author frames this as the point where "things begin to spin out of control!".