Sorry Steven, you obviously don't understand how an apt repository works. I have a repo on sourceforge and only what I put in there is in there. Using apt it checks packages files, which I create with reprepro on my own machine at home, and you can only get what is listed in my repository. Sourceforge has not added anything, nor can they, to my repo and if they did it would not be signed and that should immediately ring alarm bells.
I think it's more of an issue with supporting a site with a known malware-based business model than anything else. Yes, I could cryptographically secure downloads from spam-are-us.net, but would that: a.) hurt TDE's reputation? b.) open users to potential attack if they ignore a single warning message? c.) help spam-are-us.net advertise their malware?
If the answer is yes to any of the above it isn't a good idea to use the service ;-)
Tim
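
The hash chain the first paragraph relies on (signed Release file, then Packages index, then .deb), sketched as an added example that is not part of the original message. It assumes the Release file's signature has already been verified against the repository owner's key (that step is not performed here); the function names and all sample data are constructed for illustration, and real apt also checks sizes and other hash types.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_index_hashes(release: str) -> dict:
    """Map index path -> SHA256 from the 'SHA256:' section of a Release file."""
    hashes, in_section = {}, False
    for line in release.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, _size, path = line.split()
            hashes[path] = digest
        else:
            in_section = False
    return hashes

def package_hashes(packages: str) -> dict:
    """Map Filename -> SHA256 for every stanza in a Packages index."""
    out = {}
    for stanza in packages.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines()
                      if ": " in l and not l.startswith(" "))
        out[fields["Filename"]] = fields["SHA256"]
    return out

def deb_is_trusted(release: str, index_path: str, packages: bytes,
                   filename: str, deb: bytes) -> bool:
    # Assumption: `release` was already signature-checked by the caller.
    # Step 1: the Packages index must match the hash pinned in Release.
    if release_index_hashes(release).get(index_path) != sha256(packages):
        return False
    # Step 2: the .deb must be listed in that index with a matching hash.
    return package_hashes(packages.decode()).get(filename) == sha256(deb)

# Constructed sample data (not from a real repository).
DEB_NAME = "pool/main/d/demo/demo_1.0_all.deb"
DEB = b"constructed package payload"
PACKAGES = (f"Package: demo\nVersion: 1.0\nFilename: {DEB_NAME}\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
INDEX = "main/binary-all/Packages"
RELEASE = (f"Origin: constructed\nSuite: stable\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX}\n")
```

A file swapped or added on the hosting side fails step 2 or step 1 respectively, because neither hash can be changed without invalidating the signature over Release.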