I’m thinking that software like Signal, Bitwarden, Firefox and RHEL is more likely to be pushed (by unconventional methods) to introduce backdoors under Trump 2.0. Less complex software that is developed by an international community is of course less suseptible.
What do you think? Will the risk be higher during Trump 2.0 or is the FOSS community diverse and international enough? Am I just paranoid and irrational?
Closed source software and cloud is of course a no brainer since always. But clompex FOSS with centralized development and hosting pretty much suffers from the same problem.
Source is open, and every part of the build can be reproduced openly – and every file in the deliverable is checksummed into a signed manifest. You can tell when a file is polluted or just rebuild.
Enterprise OSes are different. Levels of validation is one way.