# Deployment

## Risk: Binaries are replaced on the website with malicious ones

**Status: Unmitigated**

While this process is now mostly automated, should this automation ever be
compromised, nothing in our current process would detect it.

We need:

* Reproducible Builds - it is unlikely that we will be able to do this
  overnight, as several parts of our build process (Qt builds, the recipe, etc.)
  may introduce non-determinism. Nevertheless, we should seek to identify where
  this non-determinism is.
* Signed Releases - Open Privacy does not yet maintain a public record of staff
  public keys. This is likely a necessity for signing released builds and
  creating an audit chain backed by the organization. This process must be
  manual by definition.
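One way to locate the non-determinism mentioned under Reproducible Builds is to build the same commit twice and compare the two output trees file by file. The following is an added example, not part of the project's own tooling; the function names and the sample build trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def digest_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def first_diff_offset(file_a, file_b):
    """Offset of the first differing byte; the shorter length if one is a prefix."""
    da, db = file_a.read_bytes(), file_b.read_bytes()
    for i, (x, y) in enumerate(zip(da, db)):
        if x != y:
            return i
    return min(len(da), len(db))

def compare_builds(build_a, build_b):
    """Return (differing, only_in_a, only_in_b) for two builds of one commit.

    differing maps a relative path to the offset of its first differing byte,
    which helps locate the embedded timestamp, path or ordering that varies.
    """
    build_a, build_b = Path(build_a), Path(build_b)
    a, b = digest_tree(build_a), digest_tree(build_b)
    differing = {name: first_diff_offset(build_a / name, build_b / name)
                 for name in sorted(a.keys() & b.keys()) if a[name] != b[name]}
    return differing, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

def demo():
    """Run the comparison on two constructed build trees (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        for build, stamp in (("a", b"2020-01-01T10:00"), ("b", b"2020-01-01T10:07")):
            out = Path(tmp, build, "bin")
            out.mkdir(parents=True)
            # Constructed stand-in for a binary that embeds its build time.
            (out / "app").write_bytes(b"\x7fELF-constructed;built=" + stamp)
            (out / "lib.so").write_bytes(b"identical library bytes")
        Path(tmp, "b", "build.log").write_text("stray file in build b\n")
        return compare_builds(Path(tmp, "a"), Path(tmp, "b"))

if __name__ == "__main__":
    differing, only_a, only_b = demo()
    for name, offset in differing.items():
        print(f"DIFF   {name}: first differing byte at offset {offset}")
    for name in only_a + only_b:
        print(f"EXTRA  {name}")
```

Pointing `compare_builds` at the output directories of two real builds of the same commit gives a per-file list of where to start looking; an empty result means the two builds were byte-identical.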