
Let's be honest - if you don't vet every single line of code in your OS and software toolset, you run the risk of exposing yourself. There are levels of trust to be sure, but there is always trust.



Let's be honest - if you don't vet every single trace and circuit in your hardware, you run the risk of exposing yourself.

Just trying to further emphasize your point, not be obnoxious. The truth is, there's almost no possible way to not expose yourself. Anything made by humans can be abused by other humans for personal gain.


Honestly, if all the source code that is compiled is available as open source and a binary with the same signature can be built using that code, then the chances that the code acts against your interests are much lower than with a binary blob that you cannot vet... etc.


I'm a Debian user: https://reproducible.debian.net/reproducible.html

Partly because they do care about these things and they are sending patches upstream as well, so as many applications as possible in Debian can eventually be built reproducibly.

I hadn't seen it before, but even better they added this piece of text on that page: "we care about free software in general, so if you are an upstream developer or working on another distribution, we'd love to hear from you! Just now we've started to programmatically test coreboot and OpenWrt - and there are plans to test Fedora, FreeBSD and NetBSD too."



