How can users confidently verify that a FOSS application is running from its published source code? Is there an easy way to check this, or is this based on checksums and hashes?

  • SpeakinTelnet@sh.itjust.works
    10 months ago

    F-Droid is great, but OP's question is even more important then; installing an installer app without knowing its legitimacy could lead to many apps being infected.

    • jet@hackertalks.com
      10 months ago

      Sure, it's about who you trust in this scenario. Once you introduce a compiler it becomes unprovable. So what your threat model is, and who you can trust.