Without some sort of reproducible builds (which are really finnickey to actually get) this doesn't really help though. Adding some set of malicious patches before doing the binary release is trivial.
Without some sort of reproducible builds (which are really finnickey to actually get) this doesn't really help though. Adding some set of malicious patches before doing the binary release is trivial.