All I'm saying is Team Peppermint can guarantee our own code is clean, but we haven't the manpower to fully audit all Ubuntu packages (that would be a MASSIVE task) and/or third party source code. To a great degree we have to trust that GNU --> Kernel.org --> Debian --> Ubuntu aren't out to get you (until shown otherwise), but so far nobody has shown this beyond possibly the Amazon lens (which we don't use, and wasn't "hidden" to begin with).
If we're carrying any malicious code it would most definitely be from an upstream source (and not us), and it would be a "Linux as a whole" problem not just a "Peppermint" one .. and yet even though some of the most paranoid and clever people in the world have their eyes on the code (because they can), nobody is suggesting Linux has a problem.
I personally trust that "open" source "pretty much" guarantees nobody sticks malicious code in there because it would be pretty easy to find, the authors would be ostracised, and the code cleaned up or dumped.
What Ulysses_ is doing is that "many eyes on the code" in action .. he's taking the original source code from, say, LibreOffice, compiling it, and making sure the binaries produced from compiling it match those included in Ubuntu packages (to make sure Ubuntu aren't "adjusting" the binaries beyond what can be clearly studied in their patches) .. it's PRECISELY this kind of community scrutiny that ensures we're all safe, and keeps companies like Canonical (and us I guess) "in check".

Not only don't I have a problem with that, I applaud it .. it's a prime example of what makes open source work.