Actually, I think there's a subtle distinction everyone's missing (which the original article may or may not have been making):
Unless one can compile it oneself, how can one trust that a particular version of a binary release corresponds to a particular version of a source release?
If the process is reproduced by another trusted-enough source and is identical to the official release, then I'd say one can go ahead and trust the binary release of either one.
Sadly, I don't think this is generally done, though perhaps one's own spot-checking of the official release is enough.
That's supposed to be the basis of modern science, too, though, of course, it's not generally done there, either.