by scentedmeat 3475 days ago
Well, let's just look at the source code and we can see when/where it got added.

If it's really malicious and was done with coordination at MS, what would stop them from putting a backdoor in a binary build?

Sure, people who build it from source would be protected, but that's still not the majority of users for a product like Skype. I don't get the OSS cause being shoehorned into every conversation.

Can you verify the binaries by reproducing them and comparing hashes? (obviously not of the whole binary but maybe some portion)

That would protect the users of those binaries.

Deterministic compilation isn't commonplace yet. I'm not even sure if it's really usable at all yet.

Generally, we rely on signed binaries.

So the signature gives you confidence because you trust the signatory?

Yes, or more specifically, because I trust the keys published by the developers are controlled only by the developers, and because I trust the developers to compile correctly.