> I bet you would, though, if the built OS image were 100% reproducible except for the signature.
replyCryptoSecure, depends how done but again, neither can be fully trusted when they were headed by government agencies in the past.
I don't trust Linux now that Microsoft got mits on it with WSL. RedHat sold-out to IBM and Debian got in bed with Canonical. Arch & Valve I might lead more too but then again I guess they've got to make money somehow.
I use FreeBSD and I don't trust that either unless I can do make install world.