I think one should also mention reproducible builds, which allow you to verify that the executable is produced from the known source code. You won’t have to compile it yourself then, “just” audit the source code. You can also rely on the community, where everyone audits a tiny part of the source code.