[hobofan]

> As a customer, you already trust Kagi enough to feed them your entire search history, so I guess you don't think they're bad actors.

Do I? I'm not going to post sensitive information into a search engine no matter who runs it.

My search history ain't worth much. What the contents of e.g. my bank website are is.

[barbazoo]

There’s still trusting Kagi that what’s in the binary was built from the open source code right?

[pdpi]

I can build it myself and skip that step. Or, if the build process is reproducible, you can make trust less of an issue by having a small handful of independent people run their own builds and post their signatures. That way you need those people to all collude with Kagi to forge a bad build. This is how e.g. bitcoind binaries are handled.

[mistercheph]

With reproducible builds, and the way most people get packages, from their package manager: No.

[EbNar]

Fine. Thank you for the clarification.