[cmcd]

It wouldn't have to be Microsoft exploiting this though, a few rogue employees that can modify their telemetry system could do this on their own. There is no external oversight for Windows but on Linux there are thousands of people looking at changes even if you aren't looking yourself.

[paulgb]

There is no external oversight to ensure that the compiled binaries in the Elementary OS iso match the published Linux kernel code, either.

[AnIdiotOnTheNet]

Linux Desktop isn't just the kernel, there's a lot of stack to exploit between that and the user, and history has shown that "many eyes" doesn't stop security problems from getting through. Hell, sometimes package maintainers introduce problems themselves independent of the developers.

That isn't even counting the hardware stack underneath your kernel. What parts of your machine were manufactured in China? Is Intel IME trustworthy? What about all those firmware blobs?

[ryanlol]

> there are thousands of people looking at changes even if you aren't looking yourself.

I’m sorry, but it’s really obvious that you don’t really know what you’re talking about.

Very few commits are looked at by more than a handful of people. If you’ve ever had any involvement in FOSS development you must know this.