Trusting a non-reproducible build is the same as trusting closed source: you're trusting the entity, not the code.
Non-reproducible = non-verifiable. It has nothing to do with the openness of the code.
You never know whether the entity has put a tiny backdoor in the code (by reversing a single boolean operation, flipping a bit), which is no different from being completely closed. So the trust model is identical. Open source just creates a false perception of higher trust.
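An added illustration of the post's argument (example code, not from the poster): a "build" is modelled as a function from source bytes to artifact bytes, a backdoor as a single flipped bit, and verification as an independent rebuild compared by SHA-256. With a deterministic build the flipped bit is caught; with a build that embeds a timestamp (as many real toolchains do), the honest and the backdoored artifact both fail to match, so the verifier cannot tell them apart. The sample source and timestamps are constructed.

```python
import hashlib
import time
from typing import Optional, Tuple

# Constructed sample source; the content is irrelevant, only its bytes matter.
SOURCE = b"if authorized: grant()\n"


def deterministic_build(source: bytes) -> bytes:
    """Reproducible build: output depends only on the source."""
    return b"BUILD:" + source


def nondeterministic_build(source: bytes, timestamp: Optional[float] = None) -> bytes:
    """Non-reproducible build: a build timestamp is embedded in the artifact."""
    ts = time.time() if timestamp is None else timestamp
    return b"BUILD:" + f"{ts:.6f}".encode() + b":" + source


def flip_one_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Model the 'reversed boolean' backdoor: one bit changed in the artifact."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def independent_rebuild_matches(published: bytes, rebuilt: bytes) -> bool:
    """Verifier rebuilds from the same source and compares digests."""
    return sha256(published) == sha256(rebuilt)


def reproducible_scenario() -> Tuple[bool, bool]:
    """Returns (honest artifact verifies, backdoored artifact verifies)."""
    honest = deterministic_build(SOURCE)
    backdoored = flip_one_bit(honest, len(honest) - 2, 0)
    rebuilt = deterministic_build(SOURCE)  # verifier's own build
    return (independent_rebuild_matches(honest, rebuilt),
            independent_rebuild_matches(backdoored, rebuilt))


def nonreproducible_scenario() -> Tuple[bool, bool]:
    """Same check, but the verifier's rebuild runs one second later."""
    honest = nondeterministic_build(SOURCE, timestamp=1_700_000_000.0)
    backdoored = flip_one_bit(honest, len(honest) - 2, 0)
    rebuilt = nondeterministic_build(SOURCE, timestamp=1_700_000_001.0)
    return (independent_rebuild_matches(honest, rebuilt),
            independent_rebuild_matches(backdoored, rebuilt))
```

`reproducible_scenario()` returns `(True, False)`: the honest build verifies and the flipped bit is detected. `nonreproducible_scenario()` returns `(False, False)`: the honest build fails exactly like the backdoored one, which is the sense in which non-reproducible means non-verifiable.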