Wesley shared this video with me:
That’s just now how open source works. You have a developer(s) who is responsible for maintaining a program. Anybody can view, modify, or use the code, but to get a modification into the application they need to submit a patch and the developer has to accept the patch. The developer behind the project would not accept a malicious patch because the developers that maintain the package for the various Linux distributions would be looking at the changes, which as open source software would all be readily available to review. Something like a virus being added to an open source program would be caught within hours or days.
The people who need to worry about viruses are Windows users, especially those who run using an administrator account.