Ask HN: Why don't we create checksum for source code?
Suppose a developer puts the source code of an app on GitHub so that we can review the source code to ensure it is safe for users. I know we create checksums for the binaries. But how can we know the app in the App Store is built from the source code on GitHub?

https://nixos.org/ and https://guix.gnu.org/ are both angling to do this, but... it's hard. The majority of useful software will not build into identical binary files each time. If you trust the source code, it's usually easy enough to build a mature FOSS app yourself.
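An added illustration of the reply's point, not code from either poster: a toy Python script that checksums a source tree the way the question asks for, then "builds" it from two identical checkouts, once naively (embedding build path and wall-clock time, as `__DATE__` or debug paths do) and once with pinned timestamps and sorted entries. The zip packaging, the BUILD_INFO file and the sample tree are constructed stand-ins for a real compiler and app.

```python
import hashlib
import io
import tempfile
import time
import zipfile
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def source_tree_digest(root: Path) -> str:
    """Checksum of a source tree: sorted relative paths plus contents, so two
    checkouts of the same commit in different directories agree."""
    h = hashlib.sha256()
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = f.relative_to(root).as_posix().encode()
        data = f.read_bytes()
        h.update(len(rel).to_bytes(4, "big") + rel)
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


def build(root: Path, reproducible: bool) -> bytes:
    """Toy 'build': pack the tree into a zip standing in for the binary.
    Naive: current timestamps plus a BUILD_INFO record of build path and
    time, so every build differs. Reproducible: fixed timestamp (in the
    spirit of SOURCE_DATE_EPOCH), sorted entries, no environment data."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    entries = [(f.relative_to(root).as_posix(), f.read_bytes()) for f in files]
    if reproducible:
        stamp = (1980, 1, 1, 0, 0, 0)
    else:
        stamp = tuple(time.localtime()[:6])
        entries.append(("BUILD_INFO", f"{root.resolve()} {time.time()}\n".encode()))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def make_checkout(root: Path) -> None:
    """Constructed sample source tree standing in for a git checkout."""
    (root / "src").mkdir(parents=True, exist_ok=True)
    (root / "src" / "main.c").write_text("int main(void) { return 0; }\n")
    (root / "README.md").write_text("# demo app\n")


def demo() -> tuple:
    """Returns (source digests match, naive builds match, reproducible builds match)."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        ra, rb = Path(a), Path(b)
        make_checkout(ra)
        make_checkout(rb)
        return (
            source_tree_digest(ra) == source_tree_digest(rb),
            sha256(build(ra, False)) == sha256(build(rb, False)),
            sha256(build(ra, True)) == sha256(build(rb, True)),
        )


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The source digest agrees across checkouts while only the normalized build yields a matching artifact hash, which is what a verifier comparing a store binary against a GitHub commit needs.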