
Most of the users I know only get their software through their distro's package manager. I think it would be quite tough to get malware in there, especially since most distros accept only free software.


The alleged botnet in the article here did not come through Apple or Adobe servers; it came through thepiratebay.org, demonoid, usenet, etc. In other words, the safety of the official channels of distribution is largely irrelevant.

The only thing preventing this from happening in Linux is a lack of interest by trojan writers (they could already do it with VMware Workstation, which is surely available on pirate sites and requires root privileges to install) and perhaps a lack of proprietary third-party software (which I'm sure a lot of people will say is a good thing, but that's another discussion).


Well, not necessarily. I mean, a repo could be hacked. Fortunately, apt uses signed packets.


Fedora servers were indeed hacked, if I remember correctly, and malicious packets were uploaded, but it was detected before they reached the users.

Repo security is certainly very important. But well, ultimately you have to trust someone?


The canonical example is http://cm.bell-labs.com/who/ken/trust.html

But I guess that there are two ways to feel really secure: either use OpenBSD, or just don't use the internet.


Google "debian openssl fiasco"


Well, that's not really fair. That was a software bug. It wasn't malware, and it had nothing to do with software installation.



