Indeed. This situation is likely to be what the GPLv3 is going to address. If you distribute an open source program for a treacherous machine under GPLv3, you not only have to provide the source code, but also a means of ensuring that the recompiled code is usable. Which means that if the binary needs to be signed by trusted keys, then you must also supply a set of trusted keys along with the code so that someone who modifies the code can use the result as well.
Slashdot Mirror
Indeed. This situation is likely to be what the GPLv3 is going to address. If you distribute an open source program for a treacherous machine under GPLv3, you not only have to provide the source code, but also a means of ensuring that the recompiled code is usable. Which means that if the binary needs to be signed by trusted keys, then you must also supply a set of trusted keys along with the code so that someone who modifies the code can use the result as well.