But another “problem” is that you don’t know if the compiled program you use is actually based on the open source code or if the developer merged it with some shady code no one knows about.
Actually, there is a Debian project working on exactly that problem, called reproducible builds
yes and others are working on it, also! i believe some android folks are (f-droid iirc), and i’ve heard about it elsewhere. this stuff is super nerdy (so therefore cool to nerds such as myself). before the internet existed it would be so hard to even imagine the need for this sort of thing!
Actually, there is a Debian project working on exactly that problem, called reproducible builds
https://wiki.debian.org/ReproducibleBuilds
yes and others are working on it, also! i believe some android folks are (f-droid iirc), and i’ve heard about it elsewhere. this stuff is super nerdy (so therefore cool to nerds such as myself). before the internet existed it would be so hard to even imagine the need for this sort of thing!