external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2024-11-22 05:27:28 +00:00
Code Issues Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Max Goedjen 2020-03-14 19:58:48 -07:00 committed by GitHub
parent ee23c97b09
commit d778760cc1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -38,7 +38,7 @@ For non-command-line based apps, like GUI Git clients, you may need to go throug
### Security Considerations ### Security Considerations
For the moment, you must build Secretive from source. For an app like this, it's critical that you trust that the app you're running is the app whose source you've checked out. To this end, Secretive has no third party dependecies, and is designed to be easy for you to audit for exploits. Builds are produced by GitHub Actions with an auditable build and release generation process. Each build has a "Document SHAs" step, which will output SHA checksums for the build produced by the GitHub Action, so you can verify that the source code for a given build corresponds to any given release.
### A Note Around Code Signing and Keychains ### A Note Around Code Signing and Keychains