"How do I know if I can trust the community feed (the packages on this site?) Until we have package moderation in place, the answer is that you can't trust the packages here. ..."
Their about page:
"Package moderation and package signing are planned to increase the security of the community feed. Bear with us, this is going to take time to get into place. ..."
However, moderation seems to be implemented (at least putty is approved by a moderator); I see no signing in place. At least everything seems to be going through https and they are going in a good direction.