@frehi Free and open source software, while nice, is not sufficient alone to stop backdoors in binaries see e.g. https://schneid.io/blog/event-stream-vulnerability-explained/
The bar is actually higher and includes https://reproducible-builds.org and https://wiki.mozilla.org/Security/Binary_Transparency