How can users confidently verify that a FOSS application is running from its published source code? Is there a easy way to check this, or is this based of checksum and hashes?

  • jetA
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Sure, its about who you trust in this scenario. once you introduce a compiler it becomes unprovable. So what your threat model is, and who you can trust.