I've just been brainstorming on something, not necessarily something I'd consider taking any action on. Without reading through the source of bitcoin, I know that there's a feature that ensures that a member of the network cannot have an altered version of the program, or else the network rejects it.
How might one approach a project that is open source, is run as a compiled binary (varying OS's) that would make remote procedure calls to other remote binaries (same project) but ensure that the project was not recompiled with some malicious code in it. A version check doesn't do anything since it's open sourced and would just be recompiled witth he same version number. My only thoughts so far is a method to hash the binary to make sure its the same size. Issue with this is that 1) md5s would vary per OS I would assume (compiles differently per OS) and 2) someone can modify the method to spit out the static md5 result
Let me know if this does / doesn't make sense