Yes, if you want to, you can do that.

Understand that 99% are comfortable trusting downloads. They know that it's just as easy to sneak backdoors into source code as it is to sneak backdoors into executables.

See also: XZ hack.