There are many things that comprise a successful Linux distribution, but there may be none more important than trust. Before you build a production Linux system, you have to trust that the distribution isn't going to contain malicious code or back doors or any number of other potentially major problems. Since the advent of Linux, this really hasn't been an issue.
In the rare occasions that back doors or spyware have been injected into a particular Linux distribution, the nature of the open source community is such that it has been discovered and patched quickly. But we're talking about clandestine operations here, such as a bad actor unrelated to the distribution getting access to the source tree and injecting their bad code in the mix.
Rest here