Or, put another way - would using a fully patched and hardened Linux distro of some denomination or the other warrant a visit from the secret police, suggesting you revert to using Red Star for -ahem- patriotic and surveillance purposes?
RedStar OS contains all the surveilance features North Korea could possibly want anyway .
Why would you need backdoors when you have a widely opened front door?
I would strongly assume that using RedStar is mandatory in NK.
Someone clever/subversive enough could feasibly create a samizdat Red Star distro which had most of the known surveillance features disabled, for instance.
Consider the population of NK (not large — 24 million). Now consider that it's a closed society; access to foreign media and learning materials is going to be restricted. Now on top of that, consider that learning to program requires (a) learning an enemy language (danger! spy/defector warning klaxon!) and then access to lots of presumed-subversive foreign tracts that are sufficiently abstruse and arcane to give the state censors a really big headache ...
I bet that cuts down the developer pool a little, doesn't it? If you can only allow ideologically trustworthy people access to the material they need in order to learn to code, which you need in order to build a guaranteed ideologically sanitized sandbox OS in which you can raise your less-definitely-loyal future cadres of infowar warriors, then you don't have many developers and they are picked for their loyalty rather than their ability by managers who literally can't understand the hacker mindset. (Or even the ordinary working stiff business app developer mindset.)
So RedStar was probably thrown together in a hurry by a handful of amateur programmers/professional party cadres in an atmosphere of extreme mistrust and paranoia that rewards sweeping problems under the rug (where the big party bosses won't know to look for them). Hence it being a knock-off of Red Hat 3 from 1998 with added Hangul text handling, or something.
I guess when your entire nation is a state controlled echo chamber it's easy to just think that criticism of your code is just jealousy of your achievements.
Would you say an offline VM should provide a kinda sorta safe test environment or should I really run this on some old metal? I really want to try it and a VM seems more comfortable to revert after messing shit up, but seeing as this is an operating system from a horrible totalitarian dictatorship, I fear publicly available versions might be leaked on purpose to get decadent Westerners like me to install, revel in my perceived superiority and then wind up as an unwilling proxy for Kim surfing Pornhub?
Maybe I should just try Justin Bieber Linux instead ...