Same as anything else installed as a binary package - you trust the people packaging/providing the binary. If you don't, build it yourself. The source is publicly available.
Or you build it yourself and verify you got the same checksum.
https://reproducible-builds.org/