One of the purported advantages of open-source software is that, in being so, it allows for multiple eyes on the code and enables faster resolution of bugs. I think an assurance that there are no intentional security loopholes in it is also implied.
Now, is that necessarily true? If I look at this in the context of GNU/Linux, you receive signed binaries from your favorite distro (even if it is source, you obviously don't have enough time to go through it all before installing). Isn't this flawed in terms of the 'authenticity' of the software?
Is there any way of implementing a security structure where the code stays on an openly accessible platform, from which you can calculate checksums to compare with what you got? Can this procedure be automated? Isn't such a procedure required?
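The automated comparison the question asks about, as an added example that is not part of the original post: a publisher computes SHA-256 digests of the files it ships and posts them as a manifest in the same "digest  filename" format that `sha256sum` emits; the recipient recomputes the digests locally and compares. The file names, contents and the simulated tampering are constructed here so the script runs offline. One caveat the code comments also state: an unsigned manifest only catches corruption or a tampered mirror, because whoever can replace the files can usually replace the manifest too, which is why distributions sign the manifest itself (Debian's `Release` file, for instance, is GPG-signed) and why reproducible builds let you rebuild from the public source and compare that digest against the shipped binary.

```python
"""Checksum-manifest verification (added example, not from the original post)."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable

CHUNK = 1 << 16  # stream files in 64 KiB pieces so large binaries need not fit in memory


def sha256_file(path: str) -> str:
    """Hex SHA-256 digest of a file, computed incrementally."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(directory: str, names: Iterable[str]) -> str:
    """Publisher side: one 'digest  name' line per shipped file, sorted for a stable output.

    In practice this text is what gets signed (e.g. with GPG); the signature, not the
    digests, is what binds the manifest to the publisher.
    """
    lines = [f"{sha256_file(os.path.join(directory, n))}  {n}" for n in sorted(names)]
    return "\n".join(lines) + "\n"


def parse_manifest(text: str) -> Dict[str, str]:
    """Map filename -> expected hex digest; malformed lines are an error, not silently skipped."""
    expected: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(maxsplit=1)  # sha256sum writes two spaces; one is tolerated
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line {lineno}: {line!r}")
        digest, name = parts
        if name.startswith("*"):  # sha256sum's binary-mode marker
            name = name[1:]
        expected[name] = digest.lower()
    return expected


def verify_manifest(directory: str, manifest_text: str) -> Dict[str, str]:
    """Recipient side: recompute every digest and report OK / FAILED / MISSING per file.

    This only proves the files match the manifest. Whether the manifest is authentic
    must be established separately (signature check, or fetching it over a trusted channel).
    """
    results: Dict[str, str] = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif sha256_file(path) == digest:
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def demo() -> Dict[str, str]:
    """Constructed scenario: publish three files, then a compromised mirror alters one and drops one."""
    original_binary = b"\x7fELF" + b"original program bytes"  # constructed stand-in for a binary
    files = {"app.bin": original_binary, "app.conf": b"debug=0\n", "README": b"read me\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(d, files)  # what the publisher would post alongside the files

        # Simulated tampering on the distribution path: a backdoored binary and a removed file.
        with open(os.path.join(d, "app.bin"), "wb") as f:
            f.write(original_binary + b"\x90" * 4)
        os.remove(os.path.join(d, "README"))

        return verify_manifest(d, manifest)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

Run as a script it prints one status line per file; the tampered binary reports FAILED and the removed file MISSING, while the untouched config reports OK. The same `verify_manifest` function can be pointed at a real download directory and a real `SHA256SUMS` file, provided you have first verified that file's signature.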