@ChasMusic @carol
Fundamentally no, you can't 100% be sure. Look up "reflections on trusting trust".
In practice, you can build your own binary from the source yourself and be quite confident it runs the way the source code tells it to run.
The problem then is, how much do you trust the source code,
Follow
Trusting trust only applies if we're taking about something that's a dependency of the compiler (or rather of the toolchain). Otherwise this is just the tedious problem of whether the build process is deterministic (e.g. does it include current time somewhere in the output?).
