Again: Trisquel Mini is a set of packages, which are individually updated
whenever needed. You can look at APT's history if you wish (APT is the
package manager): it is in /var/log/apt and it is timestamped.

There is no easy way to identify malware, even given the source code. A
mere bug may introduce a severe vulnerability. Only installing what comes
from Trisquel's repository is the best you can do. That repository only
contains free software (a requirement to trust the software) and APT is
secure: https://wiki.debian.org/SecureApt

Auditing the source code of every program you want before installing them
from these sources is impossible for a person alone (one single program may
"weigh" millions of lines of code). If you are a programmer, you can do it
for a few programs (or pieces of them) though. 'sudo apt-get source' allows
you to easily download the source code used to build a package. But for the
operating system as a whole, you need to rely on the rest of the community.
We collectively control the software.
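
Added example, not part of the original post: a small parser for the timestamped APT history mentioned above, showing when each package was installed or upgraded and between which versions. The sample log text is constructed in the layout of /var/log/apt/history.log, and the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample in the layout of /var/log/apt/history.log (not real data).
SAMPLE = """\
Start-Date: 2014-03-02  10:15:22
Commandline: apt-get upgrade
Upgrade: openssl:amd64 (1.0.1-4ubuntu5.11, 1.0.1-4ubuntu5.12), libssl1.0.0:amd64 (1.0.1-4ubuntu5.11, 1.0.1-4ubuntu5.12)
End-Date: 2014-03-02  10:15:40

Start-Date: 2014-03-05  18:02:01
Commandline: apt-get install htop
Install: htop:amd64 (1.0.1-1)
End-Date: 2014-03-05  18:02:09
"""

ACTIONS = ("Install", "Upgrade", "Downgrade", "Remove", "Purge")
# One entry looks like "name:arch (old, new)" or "name:arch (version)".
ENTRY = re.compile(r"([^\s,()]+) \(([^)]*)\)")

def parse_history(text):
    """Yield (timestamp, action, package, versions) for every package touched."""
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if "Start-Date" not in fields:
            continue  # not a transaction stanza
        # The log separates date and time with two spaces; normalise to one.
        stamp = " ".join(fields["Start-Date"].split())
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        for action in ACTIONS:
            for pkg, versions in ENTRY.findall(fields.get(action, "")):
                yield when, action, pkg, [v.strip() for v in versions.split(",")]

def updates_for(text, package):
    """Return the timestamped history of one package, oldest first."""
    return sorted(e for e in parse_history(text) if e[2].split(":")[0] == package)

if __name__ == "__main__":
    for when, action, pkg, versions in updates_for(SAMPLE, "openssl"):
        print(when.isoformat(), action, pkg, " -> ".join(versions))
```

To run it on a real system, pass the contents of /var/log/apt/history.log instead of SAMPLE; older entries are in the rotated, compressed files next to it.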