Compile it yourself, then; the source link is right next to the Windows link. If they are different, they won't work together.
What if you compile on different machines? Will they both have the same SHA-1 sum?
Well, after reading around, it seems that solution won't work so well.
You could recompile the source code and see if it yields the same binary. However, the exact binary can vary depending on a lot of parameters, including the compilation options and the exact version of the used compiler. Moreover, some compilers embed some "comments" in binary files, comments which usually include the compiler version but also may include the "build number" (if such a number is maintained) and, possibly, the build date and time -- in that case, you will not get the same binary, not down to the last byte. If you want to see if you got the "same" binary, you may thus have to first strip them of such comments (the Unix strip command may be useful).
Strictly speaking, compilation could be randomized; since generating optimal code is a hard problem, some compilers employ randomized algorithms which, heuristically, are good on average. Such a compiler could generate a distinct binary each time. Since such behaviour makes debugging much harder, many compilers who indulge in heuristic algorithms will still try to be reproducible (i.e. they will get their randomness from a PRNG seeded with a specific, configurable value).
There is a much simpler solution: if you have the source code and can recompile it, then just use the output of your recompilation.
Of course, this does not completely solve the problem of trust; it just moves it around. When compiling from source:
you have to trust that the source code does not contain backdoors;
you have to trust the compiler itself for not playing nasty tricks on you.
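As an added illustration of the "recompile, then compare" idea in the answer above (example code written for this thread, not taken from it): rather than hashing the whole file, it hashes the contents of the ELF sections and skips the sections a compiler uses for its embedded comment and build id, so two builds that differ only there compare equal. It assumes little-endian ELF64 input and the section names `.comment` and `.note.gnu.build-id`; the `build_elf` helper constructs a tiny image purely so the check can be exercised offline.

```python
import hashlib
import struct

SHT_NOBITS = 8  # section occupies no file bytes (e.g. .bss)

def elf64_sections(data):
    """Return (name, sh_type, offset, size) for every section of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    shoff = struct.unpack_from("<Q", data, 0x28)[0]
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    hdrs = [struct.unpack_from("<IIQQQQIIQQ", data, shoff + i * shentsize)
            for i in range(shnum)]
    strtab = hdrs[shstrndx][4]  # file offset of the section-name string table
    out = []
    for name_off, sh_type, _flags, _addr, off, size, *_ in hdrs:
        end = data.index(b"\0", strtab + name_off)
        out.append((data[strtab + name_off:end].decode(), sh_type, off, size))
    return out

def content_digest(data, ignore=(".comment", ".note.gnu.build-id")):
    """SHA-256 over section names and bytes, skipping the compiler's comment/build-id
    sections and the header tables, so the "same" code hashes the same."""
    h = hashlib.sha256()
    for name, sh_type, off, size in elf64_sections(data):
        if not name or name in ignore or sh_type == SHT_NOBITS:
            continue
        h.update(name.encode() + b"\0" + data[off:off + size] + b"\0")
    return h.hexdigest()

def build_elf(sections):
    """Constructed minimal ELF64 relocatable image with the given {name: bytes}
    sections; only here so the comparison can be exercised offline."""
    names = list(sections) + [".shstrtab"]
    shstr = b"\0" + b"".join(n.encode() + b"\0" for n in names)
    body, offs = b"", {}
    for n in names:
        offs[n] = 64 + len(body)
        body += sections.get(n, shstr)
    shoff = 64 + len(body)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, len(names) + 1, len(names))
    shdrs = bytes(64)  # mandatory null section header at index 0
    for n in names:
        shdrs += struct.pack("<IIQQQQIIQQ", shstr.index(n.encode() + b"\0"),
                             3 if n == ".shstrtab" else 1, 0, 0, offs[n],
                             len(sections.get(n, shstr)), 0, 0, 1, 0)
    return ehdr + body + shdrs
```

On real files, call `content_digest(open(path, "rb").read())` for your own build and the downloaded one; a mismatch after ignoring these sections means the code itself differs, not just the compiler's stamp.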
The only sure way would be to review the source code and then just trust my own compiled version, I guess.