by kekebo 4009 days ago
This whole issue got raised by the package maintainers from Debian[1], so yeah, there are sources and people you could consider trusting.

But of course nothing beats compiling from source.

[1] https://news.ycombinator.com/item?id=9724409

2 comments

If you don't have the time, skillset or inclination to review the source you're compiling yourself, trusting a third party who you have reason to put faith in beats compiling from source yourself.

> But of course nothing beats compiling from source.

Did you assemble a bootstrap compiler yourself? Your binary compiler could be backdoored! [1]

[1] https://en.wikipedia.org/wiki/Backdoor_(computing)#Compiler_...

I've no idea why you've been downvoted. While it's not amazingly pertinent, it's worth noting that security from source assumes your compiler is being honest.