How can users confidently verify that a FOSS application is running from its published source code? Is there a easy way to check this, or is this based of checksum and hashes?

  • FooBarrington
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    2 years ago

    This won’t help verify a published binary unless the project is set up for reproducible builds.