From d778760cc17aa127b6b6e2f294c45006d14f60b4 Mon Sep 17 00:00:00 2001 From: Max Goedjen Date: Sat, 14 Mar 2020 19:58:48 -0700 Subject: [PATCH] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1107e3c..072a2b0 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ For non-command-line based apps, like GUI Git clients, you may need to go throug ### Security Considerations -For the moment, you must build Secretive from source. For an app like this, it's critical that you trust that the app you're running is the app whose source you've checked out. To this end, Secretive has no third party dependecies, and is designed to be easy for you to audit for exploits. +Builds are produced by GitHub Actions with an auditable build and release generation process. Each build has a "Document SHAs" step, which will output SHA checksums for the build produced by the GitHub Action, so you can verify that the source code for a given build corresponds to any given release. ### A Note Around Code Signing and Keychains
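Review bot: In the added line under "Security Considerations", the claim that the "Document SHAs" output lets you "verify that the source code for a given build corresponds to any given release" overstates what a checksum printed by a CI step shows. A matching checksum ties the file you downloaded to the artifact that a particular GitHub Actions run produced; it does not by itself tie that artifact to the source unless the reader also checks which commit the run built, or the build is reproducible. Suggest rewording to say the checksum lets you confirm the release download matches the Action's output for that run, and naming the hash algorithm and where in the run the step output is found, since "SHA checksums" leaves both open. The replacement also drops the removed line's statements that Secretive has no third party dependencies and is designed to be easy to audit; if those still hold they are worth keeping in this section, because they are part of why a reader would trust the build.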