How to verify open source?

Submitted ⁨⁨5⁩ ⁨days⁩ ago⁩ by ⁨bot@lemmit.online [bot]⁩ to ⁨opensource@lemmit.online⁩

https://old.reddit.com/r/opensource/comments/1pw4xxw/how_to_verify_open_source/

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/opensource by /u/xlargehadroncollider on 2025-12-26 14:00:00+00:00.

One of the advantages of open source is transparency. But, how do you know that the binary being used by the consumer is actually the same code as the code on GitHub? For example, Signal the messenger has their code as a public repository on GitHub. But, how do you know the binary submitted to the App Store for iOS is using this very code? I don’t think you can compare the hashes of the repo and the deployed binary since the compiled code from the repo will have different code embedded during the build.

source

Comments

Sort:hotnew top