"Or do you compile your distro yourself after reviewing every line of code? Useful idiot!"
No need to be melodramatic about it. With the Unix/Linux model of security, you don't need to review every line of code yourself unless you're a non-American intelligence agency (at which point you also need to X-ray the CPU for "hard"-coded backdoors).
Typically you need to "only" pore over the source code for the kernel and everything else that runs with root privileges (I know this is still a massive undertaking but significantly less daunting than examining the entire OS). So if you want to be reasonably secure, you'd compile the kernel and system utils yourself (doable in Debian/Ubuntu using "apt-get source src-package" followed by a forced install of the resulting self-compiled package).
This is the premise around which the OpenBSD developers base their claim of being the most secure Unix-like operating system. If the base OS is secure, you can be much less fussy over the source code for the Gimp, LibreOffice, VLC and other FOSSware, provided you don't run the programs as root.
The question remains for Microsoft: will the base OS compile from source the way one can compile Linux and BSD from source?