Risk: Binaries are replaced on the website with malicious ones

Status: Unmitigated

While this process is now mostly automated, should this automation ever be compromised then there is nothing in our current process that would detect this.

We need:

  • Reproducible Builds - it is unlikely that we will be able to do this overnight, several parts of our build process (Qt builds, the recipe etc.) may introduce non-determinism. Nevertheless, we should seek to identify where this non-determinism is.
  • Signed Releases - Open Privacy does not yet maintain a public record of staff public keys. This is likely a necessity for signing released builds and creating an audit chain backed by the organization. This process must be manual by definition.