Unless you're running Gentoo or similar, you're trusting your distro maintainers to produce clean, non-malicious binaries any time you install anything from the package manager.
Choosing to download and run programs is not giving someone else RCE, unless you download and run something that allows for RCE. It's not an inevitable truth like it is with Windows or (usually) Ubuntu (not sure about macOS).
So what's your approach? Are you Amish? Or did you compile every component of your setup (UEFI firmware and [C,G]PU microcode included) from source after auditing it? Or are you just convinced that a system that can't have a third party run arbitrary code simply can't exist? Please elaborate.
Well, you hit the nail on the head with Ubuntu - I've been trying to cut that distro out of my life, and it keeps popping up every place I've worked at. I trust Debian dearly, but even then - there's just so much surface area! At least Debian is easy to strip down (and the docs are quite good). These days I like to be explicit about everything I have installed, and still - things seep through.