I'm finding this entire thread to be incredibly disappointing. If you actually took security seriously, you would have substantiated your claims from the start and taken a moment to also determine the best way to communicate your concerns with us.
Both Justin and EbonJaeger have provided our dedicated security form and it is absolutely trivial to look up the best way to get in touch with us privately, we have a dedicated section on our Help Center about it. Instead of a moment of research, you opted to post claims of rootkits in our ISOs, in the public, and providing no actual evidence alongside it. And when pressed for such evidence, it turns out it is solely a log for a tool which is know to give false-positives and is only issuing warnings, not found rootkits (because there aren't rootkits in our ISOs).
Had you also taken the time to perform further research, as someone presumably caring to provide a comprehensive security report to us, you would have also independently verified the integrity and signed status of our ISOs. You did neither. Furthermore, you did no research into how eopkg actually provides hashes for packages (not ISOs, which you claimed as the primary issue here), otherwise you would have realized that while there are always improvements to be made to eopkg for security, our current use of hashing within the individual packages and global index is sufficient enough to ensure the overall integrity of the packages being delivered to your system. You're also casually intermixing software and hardware issues in some obscure attempt to validate your claims, which most (if not all of them) can likely easily be explained or reviewed by the appropriate upstream developers, including issues which you are encountering on completely different operating systems.
While I'm sure @DataDrake would be happy to look over whatever information you do eventually decide to provide, I do also want to respect the time and resources of the entire community. I'm incredibly disappointed in your behavior and how you have treated other members of this community, all of which are heavily invested in providing you a good end user experience, whether they are engaging with you on flarum, performing translations, filing bug reports, updating packages, etc.
Building on this, Bryan provided you the expectation that you abide by our Community Guidelines and not harass other members which are only attempting to listen to your claims and work with you to investigate them. Instead, you have continued such destructive behavior and language. This is behavior that is entirely not acceptable and you were provided a sufficient warning to correct it. Given your refusal to do so, I will be locking this post. Should your behavior continue in this manner or you opt to take the opportunity, with an account on our forums which is not suspended at this moment in time, to create subsequent posts about this matter, I will suspend your account as part of our constant upholding of our Community Guidelines.
You are encouraged to reach out to us through the appropriate channels (our Security Issues form template on our Development Tracker being the best way to do so) should you not find @DataDrake's responses and my investigation into the integrity of the ISOs to be sufficient.
Have a nice day.