auditing the source code of packages

[Hesham136]

Do you audit the source code of the open source packages before adding it to the repo (like fedora,ubuntu & debian) to check it's security or you just insure the stability ?

in my case I'm asking about SubtitleEdit .

did you (microsoft) audited the source code of SubtitleEdit or not?

[lin-ycv]

I highly doubt anyone has that much time to manually review the source code of every single package.
When a package pull request is made, the installer is installed in a VM to check for various things, I believe one of the things it checks for is the behaviour of the installer, just like a virus/malware scan, as you can see from the label Package Flagged, if the installer does something weird, it gets flagged.
However, I believe it does NOT check the program itself.