There is an on-going discussion on r/bitcoin re this post where some Bitcoin Core developers are commenting on the post. Worth checking out: https://www.reddit.com/r/Bitcoin/comments/4yhhe1/securing_bitcoin_core_releases_with_blockstack_a
Regarding this particular attack, isn't it addressed by reproducible builds?

If the bitcoin software binaries are being replaced by nefarious actors, the hashes would conflict with those generated by source compilation. Is there a reason this doesn't work?
This seems to not solve the problem for a variety of reasons. Probably most trivially, if Bitcoin is compromised, you can't use Bitcoin to check if Bitcoin is compromised, so you need other software to validate the chain.