
Not at all. Pulling sources, reviewing and vetting them and finally building are completely different steps.

Linux package maintainers do the vetting. Buildbots build in a clean room environment, without Internet access.

If you mix up the steps, supply chain security is gone.
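As an added example (not from the comment above, and not any distribution's real tooling), a minimal shell pipeline that keeps the three steps apart: fetching only records what it saw, vetting compares that against a digest the maintainer pinned earlier, and building runs only on vetted sources with the network namespace dropped. The upstream file, the pinned digest and the stand-in build command are constructed for the demo; the fallback when `unshare` is unavailable is an assumption for portability.

```shell
#!/bin/sh
# Added example: three separate stages with separate authority.
set -eu

WORK="${TMPDIR:-/tmp}/sc-demo.$$"
mkdir -p "$WORK/upstream" "$WORK/fetched" "$WORK/build"

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Constructed stand-in for an upstream release (one source file).
make_upstream() {
  printf 'int main(void){return 0;}\n' > "$WORK/upstream/hello.c"
}

# Step 1: fetch. The only step that would touch the network; here a copy.
# It records the digest it observed but has no say over whether it is used.
fetch_step() {
  cp "$WORK/upstream/hello.c" "$WORK/fetched/hello.c"
  sha256_of "$WORK/fetched/hello.c" > "$WORK/fetched/observed.sha256"
}

# Step 2: vet. $1 is the digest the maintainer pinned after review; that is
# the authority. Non-zero exit means the fetched tree is not what was reviewed.
vet_step() {
  [ "$(cat "$WORK/fetched/observed.sha256")" = "$1" ]
}

# Step 3: build. Clean environment (env -i) and no network namespace
# (unshare -rn) where the kernel/container permits it; otherwise a plain run
# (assumption: acceptable for the demo, not for a real buildbot).
build_step() {
  if command -v unshare >/dev/null 2>&1 && unshare -rn true 2>/dev/null; then
    ISOLATE="unshare -rn"
  else
    ISOLATE=""
  fi
  # Stand-in "build": copies the vetted source into an artifact.
  ( cd "$WORK/build" && env -i PATH=/usr/bin:/bin $ISOLATE sh -c \
      'cat ../fetched/hello.c > hello.built' )
}

# Orchestrator: building is impossible unless vetting passed.
pipeline() {  # $1 = pinned sha256 from the maintainer's manifest
  fetch_step
  if vet_step "$1"; then build_step
  else echo "vet failed: refusing to build" >&2; return 1; fi
}
```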


