Obviously a backup is not going to help against perpetrators.
But perhaps the only way of ensuring that you are running trustworthy code, is not to "choose a distribution you can trust", but to put your trustworthy code on offline storage and make sure you run that code only.
Serious shops really do not run package managers on their precious database systems.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds