zlib is one of those packages that's often the root of all packages.
(Were you expecting "evil?" That's only in packages distributed without checking GPG signatures of sources verified by strong web-of-trust, built on well-secured build farms and implementing end-to-end chain-of-custody for distribution artifacts.)
(Were you expecting "evil?" That's only in packages distributed without checking GPG signatures of sources verified by strong web-of-trust, built on well-secured build farms and implementing end-to-end chain-of-custody for distribution artifacts.)