Comment by hobofan

2 days ago

> As a customer, you already trust Kagi enough to feed them your entire search history, so I guess you don't think they're bad actors.

Do I? I'm not going to post sensitive information into a search engine no matter who runs it.

My search history ain't worth much. What the contents of e.g. my bank website are is.

There’s still trusting Kagi that what’s in the binary was built from the open source code, right?

  • I can build it myself and skip that step. Or, if the build process is reproducible, you can make trust less of an issue by having a small handful of independent people run their own builds and post their signatures. That way you need those people to all collude with Kagi to forge a bad build. This is how e.g. bitcoind binaries are handled.

  • With reproducible builds, and the way most people get packages, from their package manager: No.
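
The independent-builder check described in the replies above, as an added example (not part of the thread, and not Kagi's or bitcoind's own tooling). It assumes each builder publishes a sha256sum-style file and that each file's signature was already verified against that builder's key; the builder names, file name and `threshold` parameter are hypothetical.

```python
import hashlib

def parse_sums(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into {filename: digest}."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            # sha256sum marks binary mode with a leading '*' on the file name
            sums[parts[1].strip().lstrip("*")] = parts[0].lower()
    return sums

def check_quorum(binary, filename, attestations, threshold):
    """Return (ok, agreeing, dissenting) for the downloaded binary.

    attestations maps builder name -> contents of that builder's sums file.
    Assumption: signatures on those files were verified before this call
    (e.g. with gpg --verify); this function only compares digests.
    """
    local = hashlib.sha256(binary).hexdigest()
    agreeing, dissenting = [], []
    for builder, text in sorted(attestations.items()):
        digest = parse_sums(text).get(filename)
        if digest is None:
            continue  # this builder did not attest to this file
        (agreeing if digest == local else dissenting).append(builder)
    # Fail closed: one dissenting builder means the build did not reproduce.
    ok = len(agreeing) >= threshold and not dissenting
    return ok, agreeing, dissenting

def _line(data, name):
    return f"{hashlib.sha256(data).hexdigest()}  {name}\n"

# Constructed sample data: a stand-in release and a modified copy of it.
GOOD = b"constructed release bytes v1"
BAD = GOOD + b" with modified bytes"
SAMPLE = {
    "alice": _line(GOOD, "app.tar.gz"),
    "bob": _line(GOOD, "app.tar.gz"),
    "carol": _line(GOOD, "other.tar.gz") + _line(GOOD, "app.tar.gz"),
}

if __name__ == "__main__":
    print(check_quorum(GOOD, "app.tar.gz", SAMPLE, threshold=3))
    print(check_quorum(BAD, "app.tar.gz", SAMPLE, threshold=3))
```

With this rule, a bad binary is accepted only if every attesting builder published its digest, which is the collusion requirement the reply describes.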