@nprofile1q... @nprofile1q... @nprofile1q... Neither open source nor distribution packaging inherently provides privacy or security. It's not the case that people only use software from official repositories regardless.
Contrary to the common misconception, only using software from distribution repositories doesn't avoid trusting the upstream developers and doesn't address supply chain attacks. As an example, Debian shipped a backdoor in sshd after it was included in the xz project as part of the published sources.