How truly trustworthy are binary files on Linux? I only ask this question because of a recent article on Slashdot that brought up an interesting point about binaries distributed on Linux. Not directly of course, but the implications are there. In essence, the article is talking about Hushmail, an email encryption program that not only appears to be compromised, with numerous backdoors and decryption hacks included in the binary, but apparently this is being done in order to appease the FBI and other government agencies.

Now... this hasn't been proven to be true as of yet, but the evidence for it is significant. The biggest evidence is that the file hash (a hexadecimal method for checking file integrity) for the binary executable offered by Hushmail *does not match* the file hash for an executable compiled from the source code provided on their site.

So there are two different hashes?

More Here