You can trust the software in your distro’s repositories (if you run a distro with well-maintained repositories). This is because, generally only well-known software gets packaged, the packager should be familiar with both the project and the code, and everything is rebuilt on the distro’s own infrastructure, to ensure that a given binary actually corresponds to the source.
It might still be possible for things to slip through, but it’s certainly much safer than random programs from online.
Yourself and the code you read and understand. So as long as you don’t use a system where this is possible (say 9Front and the like) you trust nothing and nobody, do careful backups and don’t go on a installation spree.
So who can you trust?
You can trust the software in your distro’s repositories (if you run a distro with well-maintained repositories). This is because, generally only well-known software gets packaged, the packager should be familiar with both the project and the code, and everything is rebuilt on the distro’s own infrastructure, to ensure that a given binary actually corresponds to the source.
It might still be possible for things to slip through, but it’s certainly much safer than random programs from online.
Yourself and the code you read and understand. So as long as you don’t use a system where this is possible (say 9Front and the like) you trust nothing and nobody, do careful backups and don’t go on a installation spree.
Depends on.
If you’re not using your PC for highly critical applications, go high-trust mode, and read news about those who become untrustworthy.
For critical applications, always check the usernames of the developers, use software trusted by others, etc.