Why are we sure a package that is part of a Linux distribution (Debian, Fedora, etc.) is trustworthy?
I guess it must depend on the distribution's internal procedures, and I know e.g. Debian has sid, testing and stable, but my question is more: is there somebody at e.g. Debian who checks the source code of packages before incorporating them in the distribution?
If not, how do they ensure they do not put crap in their distribution?
Thanks in advance.