Hacker News

SoftTalker, today at 6:20 AM

But do they audit the code? I say mostly no. They grab the source, try to compile it. Develop patches to fix problems on the specific platform. Once it works, passes the tests, it's done. Package created, added to the repo.

Even OpenBSD, famous for auditing their code, doesn't audit packages. Only the base system.


Replies

LtWorf, today at 9:19 AM

While I haven't audited line by line everything that I've uploaded in Debian, I do look around and for new versions I check the diff with the old version.