> So, unless you're suggesting that apps be distributed as source code, and compiled locally on your phone, there's no way to determine if the binary the App store distributes is an accurate uncompromised representation of the original source.
That's simply not true. If Apple opened its distribution process, and everything was cross compiled (which is already the case) none of what I quoted above would be true. This is nothing for or against free software, it is about correctness.
I'm just not sure how that would work without Apple or the developer having the opportunity to introduce malicious code. Signature or not, known process or not, there's no way I can think of to compare a clean compile of source to the binary that you get on the App Store, since Apple retains a private key that is used to molest the binary in some way.
You would have to mean something else by "open its distribution process".
Or just blindly trust that Apple knows what they're doing and that it has its customers' interests bound to its own commercial interests.
This is why I mentioned the public keys. You can do the parts of the process short of the signing, then go the other way from the published binary with the public keys.
Sheesh, does everyone on HN need everything spelled out for them?
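The two-sided check described in the reply above, as an added example that is not from the thread: a deterministic build stands in for the cross compile, and a toy Lamport one-time signature (hash based, so it runs with only the standard library) stands in for Apple's real code-signing scheme. The verifier rebuilds from source, confirms the published bytes match, and checks the publisher's signature with the public key; `build`, `publish` and `check_published` are names invented for this example.

```python
"""Reproducible build + detached signature check (constructed example)."""
import hashlib

# Toy Lamport one-time signature: a stand-in for the real signing scheme.
def keygen(seed: bytes):
    sk = [[hashlib.sha256(seed + bytes([i, b])).digest() for b in (0, 1)]
          for i in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def _bits(msg: bytes):
    h = hashlib.sha256(msg).digest()
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return all(hashlib.sha256(sig[i]).digest() == pk[i][bit]
               for i, bit in enumerate(_bits(msg)))

# Deterministic "cross compile": identical source gives identical bytes
# on every machine, which is the property the argument relies on.
def build(source: str) -> bytes:
    return b"BIN:" + hashlib.sha256(source.encode()).digest()

# Distributor side: build, then sign. The signature is kept separate from
# the payload so that the payload itself remains comparable.
def publish(source: str, sk):
    binary = build(source)
    return binary, sign(sk, binary)

# Independent verifier: do everything short of signing locally, then come
# the other way from the published binary using only the public key.
def check_published(source: str, published: bytes, sig, pk) -> str:
    if build(source) != published:
        return "mismatch: published binary differs from local build"
    if not verify(pk, published, sig):
        return "bad signature: not the publisher's key, or bytes altered"
    return "ok"

if __name__ == "__main__":
    sk, pk = keygen(b"constructed demo seed")
    src = "int main(void) { return 0; }"  # constructed sample source
    binary, sig = publish(src, sk)
    print(check_published(src, binary, sig, pk))
```

If the signing step rewrote the payload in a way the verifier could not reproduce, `build(source)` would never equal the published bytes and the comparison would fail for every build, which is exactly the objection the earlier reply raises.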