[fsflover]

Would you say the same about the Linux repositories?

[pjmlp]

Depends on how we go about regarding the Year of Desktop Linux, alternative repos, snaps and flatpak, and best of all, curl | sh installs.

[fsflover]

Let's just limit ourselves to servers with the original repos, for simiplicity.

[pjmlp]

So be it, many of these vulnerabilities can be used as entry point,

https://vulmon.com/searchpage?q=debian+debian+linux+11&sortb...

[fsflover]

I did not find any evidence of malware in the repos from your link. Vulnerabilities also exist for iOS and MacOS.

My original claim was that, in order to avoid malware in repos, all you need is free software.

If you want to avoid all vulnerabilities instead, try Qubes OS.