[TriLUG] spyware

[Mike M]

I just read an article about spyware.  I googled "linux spyware" and
that people think Linux is immune.  That got me to thinking about the
chain of trust I subscribe to in using Debian.  For example, I use
mutt.  What if the upstream developer installed spyware?  Do I 
trust the Debian package maintainer to review the code and alert the
community to the problem?  I can't spend my time reading source for
every package I use.

THe only solution I can think of is to use a live-cd like Knoppix to
do critical and sensitive tasks like financial transactions.

Anybody else thought about this?
-- 
Mike

Moving forward in pushing back the envelope of the corporate paradigm.