As an IT security loser it’s not your software I’m worried about, it’s your OpSec. I’ve seen enough innocuous software being owned and being used to deploy malware that it takes a lot of due diligence to trust providers of random binaries