We'd like to verify, not trust.

The whole point of a signature is that you are able to verify what was signed was in fact a message that was signed by signer.

▲

robinsonb5 4 hours ago | parent [-]

Sure, but a signature doesn't prove that a particular binary came from a particular codebase - merely that a particular human (or other trusted entity, for varying degrees of "trusted") has vouched for it.

Being able to reproduce the binary from the source code and being able to verify that it's the same as the original is quite important in some contexts.

	▲	charcircuit 4 hours ago \| parent [-]
		>Being able to reproduce the binary from the source code and being able to verify that it's the same as the original is quite important in some contexts. I disagree. The contexts that people come up with are purely theoretical, and are not practically important. Please do try and convince me otherwise by sharing such a context. From my view the juice of trying to accomplish this is no where worth the squeeze.