You’re putting a lot of faith in whoever packages the ‘distro’.
Obviously you have the same problem with trusting FOSS software distributions, but it’s mitigated by things like Linus’ Law and reproducible builds.
That being said, I personally use tiny11 VMs for certain non-critical things at home and work. I’d never use it for anything security related, or as my main OS, as there is a non-negligible chance that it’s compromised (and there’s basically no way of knowing).
I haven’t heard this before. Why do you say that?
You’re putting a lot of faith in whoever packages the ‘distro’.
Obviously you have the same problem with trusting FOSS software distributions, but it’s mitigated by things like Linus’ Law and reproducible builds.
That being said, I personally use tiny11 VMs for certain non-critical things at home and work. I’d never use it for anything security related, or as my main OS, as there is a non-negligible chance that it’s compromised (and there’s basically no way of knowing).