Craig Hockenberry, on reports that the CIA is actively working to compromise the integrity of Xcode:
The article refers to “Xcode” generically, but as we all know,
there are a lot of pieces to this puzzle: I’m going to examine a
few of them below. It’s your job to think about how these things
might affect your own products.
The bottom line: You can never fully trust code you aren’t compiling from source. And even when you do have the source, you’re fucked if your compiler has been compromised.