Most of us tend to consider the security of the packages we run. We want to make sure they come from trusted sources, such as a distribution's repository, and that the software is up to date. Few of us pause to consider whether the server which originally built the software, or the developer's computer where the source code was written, might be compromised. Joanna Rutkowska of the Qubes OS project does think about such avenues of attack and has written about the steps Qubes takes to keep their build processes secure. One example of the measures the Qubes project takes involves not trusting remote servers: "We have always built all the official Qubes packages and ISO images on our private computers, i.e. ones whose physical security we can reasonably guarantee. This is because we have always assumed all external infrastructure (aka "the cloud") to be untrusted. Indeed, because datacenter personnel can always (stealthily) read/write the memory of systems or VMs running in their datacenters, allowing the build process to run there would always make it possible for external parties to either tamper with the build process and/or steal the release singing keys, if these were also uploaded, as many projects do."