post a bunch of obfuscated source and a bunch of binaries. most people will install the binaries anyway . ( who compiles everything from scratch anyway ) so a small 'difference' between the posted binary and the clean source and you have a nice entry point.

Why obfuscated? Here's a better one. Post real, honest to go source for something useful and moody binaries. When binary is run it does nothing but drop a trojan and then fake an error. I reckon 95% of people will go "oh shit, it doesn't work", uninstall the original binaries and forget about it. 4.9999% will go on to grab the source, compile it, find it works and forget about it. That leaves just the 0.00001% who'll go to the trouble of subsequently examining their compiled version, comparing it to the supplied one as potential troublemakers.