Supply chain attacks (especially against Linux)

XZ Utils/SSH and now Polyfill against smartphones.

I just checked with *dpkg --list | wc --lines* and realized that I have 2939 packages installed on my machine with Ubuntu; and that's without counting pip packages that I have accumulated over time to satisfy the dependencies of software written in Python. What's the likelihood that any of them have been directly compromised with obfuscated/obscured code or have dependencies on other compromised Free and Open Source Software? This is extremely worrying. State …

attacks dependencies linux list machine packages pip polyfill privacy python smartphones software ssh supply supply chain supply chain attacks ubuntu written xz utils