Risk: Binaries are replaced on the website with malicious ones
While this process is now mostly automated, should this automation ever be compromised then there is nothing in our current process that would detect this.
- Reproducible Builds - we currently use public docker containers for all builds which should allow anyone to compare distributed builds with ones built from source.
- Signed Releases - Open Privacy does not yet maintain a public record of staff public keys. This is likely a necessity for signing released builds and creating an audit chain backed by the organization. This process must be manual by definition.