Forgive me if this has been asked before. I've purchased a copy of "ethOS", a GNU/Linux distribution that comes ready to mine ether, the cryptocurrency that backs the Ethereum network. The mining program bundled, ethminer, is distributed GPL.
The distro owner claims that no modifications have been made to ethminer, that he compiled from a certain label in a public repo. Because of the possibility of backdooring the software and stealing private keys, I want to confirm his statement. (Note: I am in no way accusing him of doing anything like that! Just performing due diligence!) ... but I can't think of a way to do it. It looks like my only option to be safe is to download the same source and compile it on my own and *not* use his. And hope it works even though it's not the binary he's tested with. (I can't think of a way to reproduce a binary with the identical hash without having access to the original build environment. Too many things would have changed.) Is there another option I've overlooked? J
