I doubt that a server would be an attractive target for common thieves. It’s heavy, bulky and not immediately clear how well it would resell and how valuable it actually is. So yeah… Just have plenty of other more stealable things lying around I guess 😄
Nah not really…most of the time I’m at least doing a light metadata check, like who’s the maintainer & main contributors, any trusted folks have starred the repo, how active is development and release frequency, search issues with “vulnerability”/“cve” see how contributors communicate on those, previous cve track record.
With real code audits… I could only ever be using a handful of programs, let alone the thought of me fully auditing the whole linux kernel before I trust it 😄
Focusing on “mission critical” apps feels pretty useless imho, because it doesn’t really matter which of the thousands of programs on your system executes malicious code, no? Like sure, the app you use for handling super sensitive data might be secure and audited…then you get fucked by some obscure compression library silently loaded by a bunch of your programs.
Wireguard on a VPS and run it through port 443. That should get you through most things that don’t do TLS inspection