Is Debian planning to do package signing at all?
It looks like almost all distros are doing this except Debian. I recall Debian's site being hacked sometime ago and although the packages were not altered, I would assume that something like this should be done.
Any thoughts?