kreyszig on Nostr: Does it verify that packages are properly signed orndoes it blindly trust GitHub as a ...Does it verify that packages are properly signed orndoes it blindly trust GitHub as a source?