The goal of this special recipes repository for AutoPkg is to build trust into the thousands of available AutoPkg recipes.
In order to accomplish this, we will have a team of vetted reviewers ensuring that the recipes in this repository follow strict rules. These rules limit recipes' capabilities, and defining and enforcing those rules will require a lot of work on the part of our community. But we hope that the benefits of establishing a core of trusted recipes will be well worth it.
We intend to build trust in recipes — not in payload. We will verify that the recipe plist content is correctly identified, comes from a trusted source, and behaves in a reasonable manner. However, we will not guarantee that the software packaged by the recipe is secure or trusted.