Is there a way of signing binaries to ensure that they are built from a specific source code? I do not want to trust the creator of the binary, I want to trust only available source code that can be audited.
@xiroux Two possibilities come to mind:
1. Compile it yourself. Maybe do a binary comparison.
2. Check if multiple parties you trust not to be colluding get the same result.
But I might have missed something.
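As an added example, not from anyone in this thread: a small Python script that applies both suggestions, a byte-for-byte comparison of a locally rebuilt artifact against the released one (reporting where they first diverge, which is where a non-reproducible build usually betrays an embedded timestamp or path) and a quorum check against the digests independent builders report. The builder names and sample bytes are constructed.

```python
"""Reproducible-build check: rebuild locally, compare bytes, then require a
quorum of independent builders to agree with the released digest."""
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def first_difference(a: bytes, b: bytes):
    """Return (offset, byte_a, byte_b) of the first mismatch, or None if equal.
    A single small differing region usually means non-determinism (timestamp,
    build path) rather than different source code; a large one needs a look."""
    if a == b:
        return None
    for i in range(min(len(a), len(b))):
        if a[i] != b[i]:
            return (i, a[i], b[i])
    n = min(len(a), len(b))  # one is a prefix of the other
    return (n, a[n] if len(a) > n else None, b[n] if len(b) > n else None)


def check_consensus(released: bytes, attestations: dict, quorum: int) -> dict:
    """attestations maps builder name -> SHA-256 hex digest of its own build.
    The release is accepted only if at least `quorum` builders, assumed not
    to be colluding, report the same digest as the released artifact."""
    target = sha256_hex(released)
    agreeing = sorted(n for n, d in attestations.items() if d == target)
    dissenting = sorted(n for n, d in attestations.items() if d != target)
    votes = Counter(attestations.values())
    majority = votes.most_common(1)[0] if votes else (None, 0)
    return {
        "released": target,
        "accepted": len(agreeing) >= quorum,
        "agreeing": agreeing,
        "dissenting": dissenting,
        "majority_digest": majority[0],
        "majority_count": majority[1],
    }


# Constructed sample artifacts (not real binaries): a header, a date string
# where a build tool might stamp its output, then some padding.
RELEASED = b"\x7fELF" + b"\x00" * 12 + b"build-2024-01-01" + b"\x90" * 32
LOCAL_REBUILD = RELEASED                                        # reproducible
STAMPED = RELEASED[:16] + b"build-2024-01-02" + RELEASED[32:]   # date differs

# Constructed attestations from three independent builders.
ATTESTATIONS = {
    "alice": sha256_hex(RELEASED),
    "bob": sha256_hex(RELEASED),
    "mallory": sha256_hex(STAMPED),
}
```

Run `check_consensus(RELEASED, ATTESTATIONS, quorum=2)` to see the release accepted with mallory listed as dissenting; `first_difference(RELEASED, STAMPED)` points at offset 31, the last digit of the date.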
@xiroux If there isn't, it would be a great idea to develop!
comparing to google