How can users confidently verify that a FOSS application is running from its published source code? Is there an easy way to check this, or is this based on checksums and hashes?
Yes, I agree with the trust and that it’s effectively equivalent for most users. But I read OP's reply as asking specifically for “a more automatic way of checking (that it was built from source cleanly)”.
I think expecting that this has already been cleanly solved years ago is not unreasonable (until you realize how many rabbit holes this whole topic has to go down to work well).