If we follow through with it, I would absolutely never ever trust anyone from the US, for example. US is very much known for cyber espionage and shady operations, and could absolutely backdoor Linux.
This is all power play, and it comes from a very certain direction amidst this political struggle.
You want your open source code not to have backdoors? Review it meticulously. This is really the only way, and the one an entire open-source community relies on - pretty successfully, by the way.
The US is in many ways, as bad as Russia concerning privacy. If the Americans want a backdoor, they’ll get it too.
However, not many western countries are currently almost at war with the US, the US so far has been a very good ally to the Western countries. It is not in their interest to bring our hospitals down, or put a stop to our air traffic. They don’t gain much from hurting us. Russia does.
Russia does have an interest in bringing systems down and spying as much as possible. And they have no ethic restrictions at all.
So why should we leave an obvious angle of attack open? Sure, it’s supposedly to be found by code reviews, but why make their job harder?
Do we even have numbers on how many Russians have contributed?