Backtracking intrusions Q1: When are considered as dependencies in Backtracker? Q2: What does Backtracker trust to be safe from exploits/intrusions?