QubesOS is used by high valued targets such as whistleblowers. It seems to be a juicy target for agencies with resources much higher than the Qubes project.
It seems reasonable that QubesOS will be target of hacks or supply chain attacks, potentially in dom0.
What are the chances?
Science tells us chances are between 0-100%.
The forum does have a search function and to put it mildly: your question isn’t unique. So why don’t you read a bit before starting a new thread?
I have read quite a bit about QubesOS in the past few days on internet with interest, together with a good part of its documentation. Most of the Google searches link to this forum, but you are right, I should have searched the forum directly as well.
I see QubesOS has reproducible builds. The documentation also indicates that there are serious security mechanisms in place.
QubesOS doesn’t have full support for reproducible builds yet, only some parts can be built reproducible:
Thanks for the correction!