Comment Re:Obligatory reminder that an alternative exists (Score 2) 97
And to head off the obvious rejoinder, yes, their private key can be compromised to allow an attacker to sign malicious packages. But if that is a genuine concern, why would you possibly trust the security of the SSL connection to their site?