When it comes to software/apps, remember:
Where Angels Fear

Great response, thank you.

We have been discussing this issue with the team as well, and I completely agree with your points. Yet I think we found a way to get around this. As I am not a coder myself, let me just try to recite what they told me:

It is possible to compile source code to create a binary and get it hashed, so that you can check whether the binary file you are using is the same as the one that was compiled before…
Therefore if we (with “supervision” by some trusted Community members) compile the software, it could be hashed and thus you could always check whether you are using the same file.

Provided you trust the community-appointed “supervisors”.

What do you think, would this help?
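
The check described in this post, as an added example that is not part of the original post or the team's code: each supervisor publishes the SHA-256 of the binary they compiled, and a user accepts a file only if it matches the digest a strict majority of supervisors agree on. The attestation format, the supervisor names and the sample bytes are assumptions made for illustration, and the scheme assumes the build is reproducible, so that independent compilations of the same source give byte-identical binaries.

```python
import hashlib
import hmac
import os
import tempfile
from collections import Counter

def sha256_file(path, chunk_size=65536):
    """Hash the file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def agreed_digest(attestations, quorum):
    """Digest published by at least `quorum` supervisors, else None (hypothetical
    format: supervisor name -> hex SHA-256 of the binary that supervisor compiled)."""
    if quorum * 2 <= len(attestations):
        raise ValueError("quorum must be a strict majority of supervisors")
    counts = Counter(d.strip().lower() for d in attestations.values())
    if not counts:
        return None
    digest, votes = counts.most_common(1)[0]
    return digest if votes >= quorum else None

def verify_binary(path, attestations, quorum):
    expected = agreed_digest(attestations, quorum)
    if expected is None:
        return "no-quorum"  # supervisors disagree, so no digest can be trusted
    actual = sha256_file(path)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    # Constructed sample data: stand-in bytes and made-up supervisor names.
    release = b"\x7fELF constructed release bytes"
    good = hashlib.sha256(release).hexdigest()
    odd = hashlib.sha256(b"different build").hexdigest()
    published = {"supervisor-a": good, "supervisor-b": good.upper(), "supervisor-c": odd}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.bin")
        for label, data in (("genuine", release), ("tampered", release + b"\x00")):
            with open(path, "wb") as f:
                f.write(data)
            results[label] = verify_binary(path, published, quorum=2)
        results["split"] = verify_binary(path, {"a": good, "b": odd}, quorum=2)
    return results

if __name__ == "__main__":
    print(demo())
```

A "no-quorum" result means the supervisors' own builds did not agree, which points to a non-reproducible build or a compromised build environment rather than to a problem with the downloaded file.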