This means you can verify the APK on the f-droid store matches what's in github by building it yourself and comparing the signatures.
And if you want to do this, f-droid has an automated way: https://f-droid.org/en/docs/Verification_Server/ Of course, you still have to trust the verification server source code, but that runs locally on your hardware and is auditable.