Not far enough. I won’t trust it until I can build it myself and self-host it. Then if they provide reproducible builds and hashes of the currently running build, I can decide whether it’s better to use their hosted version or my own.
My biggest gripe is that when companies provide “source code,” it often is technically reproducible and “works,” but only with a gigabytes-large binary blob that cannot be debugged and will not be sourced.
> Not far enough. I won’t trust it until I can build it myself and self-host it. Then if they provide reproducible builds and hashes of the currently running build, I can decide whether it’s better to use their hosted version or my own.
I’d want both.
> My biggest gripe is that when companies provide “source code,” it often is technically reproducible and “works,” but only with a gigabytes-large binary blob that cannot be debugged and will not be sourced.