secure-development-handbook/src/deployment.md

Deployment

Risk: Binaries are replaced on the website with malicious ones

Status: Unmitigated

While this process is now mostly automated, should that automation ever be compromised, nothing in our current process would detect it.

We need:

  • Reproducible Builds - it is unlikely that we will be able to achieve this overnight: several parts of our build process (the Qt builds, the recipe, etc.) may introduce non-determinism. Nevertheless, we should seek to identify where this non-determinism is.
  • Signed Releases - Open Privacy does not yet maintain a public record of staff public keys. This is likely a necessity for signing released builds and creating an audit chain backed by the organization. This process must be manual by definition.
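As an added illustration of the two controls above (example code written for this page, not the handbook's or Open Privacy's own release tooling), the following Go program builds a deterministic digest manifest, which can be generated from two independent builds of the same commit and diffed to locate non-determinism, and verifies a release by checking a detached Ed25519 signature over that manifest with a published maintainer key before checking each downloaded binary against it. The manifest format, the function names and the artifact names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// BuildManifest lists each artifact as "<sha256 hex>  <name>", one per line,
// sorted by name so the manifest is deterministic. Running it over two
// independent builds of the same commit and diffing the output points at the
// files where non-determinism creeps in.
func BuildManifest(artifacts map[string][]byte) []byte {
	names := make([]string, 0, len(artifacts))
	for n := range artifacts {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(artifacts[n])
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return []byte(b.String())
}

// VerifyRelease checks the detached Ed25519 signature over the manifest with the
// maintainer's published key, then each downloaded artifact against its listed
// digest: a swapped binary fails the digest check, an edited manifest the signature check.
func VerifyRelease(pub ed25519.PublicKey, manifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	for _, line := range strings.Split(strings.TrimSpace(string(manifest)), "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			return fmt.Errorf("malformed manifest line %q", line)
		}
		data, ok := files[f[1]]
		sum := sha256.Sum256(data)
		if !ok || hex.EncodeToString(sum[:]) != f[0] {
			return fmt.Errorf("artifact %s missing or does not match its signed digest", f[1])
		}
	}
	return nil
}
```

The signing key here stands in for a staff key that would be listed in the public key record the bullet calls for; the signing step itself stays manual, and only the verification is automated.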