In article <199703201739.MAA24157@Twig.Rodents.Montreal.QC.CA> you write:
> any software on my machine that was not built from source by someone I
> trust (usually me) and, if remote, communicated by a channel whose
> level of integrity protection I trust.  Precompiled binaries fall flat

Um, but you must have used precompiled binaries at one point, including
cc. Remember dmr's (I think?) great login trojan? You're still not safe.

I think you're being over-paranoid(*). If this really all bothers you so
mutch, don't use the ports system AT ALL. There's no need to spoil it
for those who have decided that it's worth the risk.

I'm quite willing to trust packages built by somone trusted by core,
along with a crypto-signed certificiate to make sure I got the real
thing, especially since I'm already trusting a number of "someones
trusted by core" anyway, even if I build NetBSD from source myself,
since there's no way I'll ever have time to examine all the source. 


(* But bear in mind, this is the view of someone whose NetBSD systems
have nearly-24Hr armed security, plus dogs**)

(** Though the latter would likely only be effective if we're overrun by
squirrels or mailmen)