@bot Sunlight is the best disinfectant. I know that an absolute fuckton of people *do* monitor these repositories, and there are large financial and social incentives for discovering (especially maliciously placed) backdoors/vulnerabilities. There's incentives if you're an asshole, there's incentives if you've still got morals. So knowing the code isn't itself siphoning data off somewhere is pretty well covered.
What's left is making sure that my build uses that source. Portage does this every step of the way. Remember, I use Gentoo btw so all compilation happens on-device. This also means I can insert additional protections against exploitation, as well as benefit from protections inherent in having different binaries than everyone else. @terryenglish @MischievousuTomatosu @Tony