[fsflover]

F-Droid app store has no malware, even though it does not benefit from Apple's approach to security. All you need in practice is free software.

[pjmlp]

Which besides a few users waiting for the return of OpenMoko, no one else cares about, including malware authors.

[fsflover]

Would you say the same about the Linux repositories?

[pjmlp]

Depends on how we go about regarding the Year of Desktop Linux, alternative repos, snaps and flatpak, and best of all, curl | sh installs.

[fsflover]

Let's just limit ourselves to servers with the original repos, for simiplicity.

[pjmlp]

So be it, many of these vulnerabilities can be used as entry point,

https://vulmon.com/searchpage?q=debian+debian+linux+11&sortb...

[fsflover]

I did not find any evidence of malware in the repos from your link. Vulnerabilities also exist for iOS and MacOS.

My original claim was that, in order to avoid malware in repos, all you need is free software.

If you want to avoid all vulnerabilities instead, try Qubes OS.