In some review, some has mentioned the notion of "trused repositories".
Can we have clarification on this notion and what we expect for this ?
Can we trust proprietary repo ?
What can be audited (even when closed source software).
What level of trust can we expect or not ?
At least previously we had a page listing some repositories that would
(linked from the fp.o page).