To solve the trust issue, let us compile the important binaries ourselves and just include the source code and commands to do it.
That wouldn't be enough. The compiler/interpreter could be injecting code, system tools could be modified, and more.
I'm not trusting this either. Too many red flags.