How can users confidently verify that a FOSS application is running from its published source code? Is there a easy way to check this, or is this based of checksum and hashes?

  • SpeakinTelnet@sh.itjust.works
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Fdroid is great but OPs question is even more important then, installing an installer app without knowing its legitimacy could lead to many apps being infected.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Sure, its about who you trust in this scenario. once you introduce a compiler it becomes unprovable. So what your threat model is, and who you can trust.