Update README.md

This commit is contained in:
Max Goedjen 2020-03-14 19:58:48 -07:00 committed by GitHub
parent ee23c97b09
commit d778760cc1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -38,7 +38,7 @@ For non-command-line based apps, like GUI Git clients, you may need to go throug
### Security Considerations
For the moment, you must build Secretive from source. For an app like this, it's critical that you trust that the app you're running is the app whose source you've checked out. To this end, Secretive has no third party dependecies, and is designed to be easy for you to audit for exploits.
Builds are produced by GitHub Actions with an auditable build and release generation process. Each build has a "Document SHAs" step, which will output SHA checksums for the build produced by the GitHub Action, so you can verify that the source code for a given build corresponds to any given release.
### A Note Around Code Signing and Keychains