Write a little piece of open-source client software to take a hash of the source code. Check the hash every time you use it. Spread the tool around to a community of people who review every time the hash changes and publish (separately) a history of attested hashes.