So if you want to avoid trusting trust, you need to audit not only a C compiler and the source code for the Go compiler you plan on using, but also every past Go compiler as well?
You could audit the Go source and then use the diverse double compiling technique[0] to verify that the binary you're using corresponds to that source code.
What if any intermediate version is found to contain the violation of trusting trust? Every go maintainer has to build every version sequentially from that version to current version.
