>>107152363
not that anon, but you've conflated contributors (project 'maintainers') and package maintainers. The xz-utils incident was a supply chain attack in which the deliberately pozzed patches were ultimately introduced from the master tree of the source.
but regardless, packaging for Linux distros does fuck all in terms of security. A package repository is nothing but sources compiled and linked for a specific distribution. You should not consider this a security bonus. It's well and good to use a Linux distro or official package repos because a bunch of autists compiled most of the stuff you wanna use already, but the software installed on your computer is no less vulnerable to unpatched bugs.
pic related, this is how we know shit's secure using Linux on the desktop