This is why projects like Reproducible Builds are so important. Basing all of your security on a company's signature on proprietary code is too risky.
I elaborate on some ways to protect the digital supply chain while borrowing metaphors from the food industry in this post: https://puri.sm/posts/protecting-the-digital-supply-chain/
Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
Stay safe. Please abide by our code of conduct.