[matheusmoreira]

> So only people capable of auditing source code and build scripts deserve to be able to trust software?

I don't know about "deserve" but it's true that we have the knowledge necessary to understand what a script or program is doing.

> There should never be any other way to offer trustability?

Of course not. Someone else can audit it for you. If you trust that person, then you also trust the software that they audited.

Linux distribution packagers are the simplest example I can think of. If something makes it into a Linux distribution like Debian, it's pretty trustworthy. That's a big reason why we users like that model. It's also why developers hate it.