Why are Linux packagers so trustworthy? In most distros, they're a group of volunteers. The group is smaller, but it's not impossible for someone with malicious intent to get the keys to the kingdom and upload packages with embedded malware.