How can users confidently verify that a FOSS application is running from its published source code? Is there a easy way to check this, or is this based of checksum and hashes?
How can users confidently verify that a FOSS application is running from its published source code? Is there a easy way to check this, or is this based of checksum and hashes?
Sure, its about who you trust in this scenario. once you introduce a compiler it becomes unprovable. So what your threat model is, and who you can trust.