I'm still a PPA novice so my answers might not be 100% right....
Very nice! Let me ask some dumb questions:
I've setup a launchpad PPA to host Ubuntu packages of bitcoin.
What does PPA stand for?
Does launchpad help solve the 'trusted build' problem-- e.g. does the build process automatically fetch from source code that we can all look at and audit?
It won't automatically fetch the source, but it does force me to upload the source (and an optional patch) and builds packages from those.
In this case I took the tarball from sourceforge. The patch is minimal, just thin wrapper around the bitcoin makefile to keep the debian build system happy.
On
https://launchpad.net/~stretch/+archive/bitcoin/+packages you can poke around a bit and you'll see download links for all the various files, and on
http://launchpadlibrarian.net/61656269/bitcoin_0.3.19-maverick6_source.changes you'll be able to verify the checksums match to the original tarball.
How hard would it be to setup something similar to produce regular builds of the github integration repository?
Right now, the bitcoin build process is "Satoshi does it." Using Launchpad to create the Linux builds seems like the right way to go.
With your own dedicated machine it would be fairly easy, just a cron job to checkout a snapshot, tar up and submit to launchpad. We can eliminate the patch file by checking those changes back into the main source tree.
I don't know whether or not launchpad could host the cron job for us.
Last dumb question: are there services similar to Launchpad for building Mac/Windows software?