Malicious Distros?

http://www.linuxquestions.org – How do I know - how confident can I be - that a new Linux distro does not contain malicious software? I suppose some do! Can I test? "Security References" in http://www.linuxquestions.org/questi...erences-45261/ kind of covers the field, but I don't understand, say, what to do before/after downloading the ISO / burning the disk. Except for checking the MD5 signature of the ISO, but didn't somebody work out recently how to maybe theoretically fake that? In particular I'm interested in using Knoppix, Ubuntu, SystemRescueCD, maybe GParted Live. (HowTos)