
From http://www.wuala.com/en/download/linux:

> The package installs Wuala and registers our repository for further updates.

This is even more harmful than it sounds, as someone who has repo access (be it some evil staff member or, more possibly, an intruder) may push not only a malicious Wuala build, but any package with a higher version number than in other repos (say, a linux-image-999.999 with a bundled rootkit), and if the user was incautious it will be installed on system update.



That is not really auto-update (only if you enabled it system-wide) – and after reviewing the source code, which is necessary anyhow to make sure it is actually ‘secure’, you would then remove the file in /etc/apt/sources.list.d and be happy :-)


Use apt pinning
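
An added example, not part of any comment in this thread: it audits a third-party repository's `Packages` index against an allowlist and generates the apt pinning records that keep everything else from that origin uninstallable. The hostname `repo.example.invalid`, the sample index and the function names are assumptions made for the illustration.

```python
"""Added example: restrict a third-party apt repository to an allowlist."""

# Constructed sample of the repository's Packages index (deb822 stanzas).
SAMPLE_PACKAGES_INDEX = """\
Package: wuala
Version: 1.0.0
Architecture: amd64

Package: linux-image-999.999
Version: 999.999
Architecture: amd64
"""

REPO_ORIGIN = "repo.example.invalid"  # placeholder hostname, not the real repository
ALLOWED = {"wuala"}                   # packages we accept from this origin


def parse_packages_index(text):
    """Return a list of {field: value} dicts, one per stanza."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            if line[:1] in (" ", "\t"):   # continuation line of a folded field
                continue
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas


def unexpected_packages(index_text, allowed):
    """Names the repository offers that are not on the allowlist."""
    names = {s["Package"] for s in parse_packages_index(index_text) if "Package" in s}
    return sorted(names - set(allowed))


def pin_preferences(origin, allowed):
    """Build apt_preferences(5) text: deny the origin, allow only named packages."""
    records = [f'Package: *\nPin: origin "{origin}"\nPin-Priority: -1\n']
    for name in sorted(allowed):
        records.append(f'Package: {name}\nPin: origin "{origin}"\nPin-Priority: 500\n')
    return "\n".join(records)


if __name__ == "__main__":
    print("Outside allowlist:", unexpected_packages(SAMPLE_PACKAGES_INDEX, ALLOWED))
    print(pin_preferences(REPO_ORIGIN, ALLOWED))
```

The generated records belong in a file under `/etc/apt/preferences.d/`; `apt-cache policy <package>` shows the priority apt actually assigns to each candidate version.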



