This is an automated archive made by the Lemmit Bot.

The original was posted on /r/opensource by /u/Yosyp on 2023-10-07 11:40:20.


How can I know that the officially distributed software binaries and libraries aren’t built from an internal, obscure, secret branch instead of the published source material, without manually comparing the resulting files with their unmodified compilations?

I’m a very big proponent of OS software but there’s a piece in the puzzle that’s missing to me.

Sure, you can download the source files and compile and build it yourself; that way you can be (almost) sure there’s no backdoor or something similar. But the Blender, Nextcloud and Linux distro executables and installers that I download from their respective official websites, how do I know they aren’t a derivative result of malicious manipulation?

Genuine question, I don’t seek flame.