Minimizing transitive trust threats in software management systems