http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/tr/2023/09/03/reproducible-builds-signing-keys-and-binary-repos.html
A good security feature to be used in this context, though it originally was intended for something else: Binary repositories What is that you ask? Well: F-Droid is not tied to the single repository operated by F-Droid itself. Everyone can set up a custom repository. Like the apps F-Droid distributes, all its code is free and libre, too.