From 362adfec86e4adc4e5797dca0510f1b54be07387 Mon Sep 17 00:00:00 2001 From: cyph3rasi <1+cyph3rasi@noreply.githop.xyz> Date: Sat, 11 Jul 2026 19:59:40 +0000 Subject: [PATCH] Switch releases from Gitea Actions to local builds --- Security-and-Privacy.-.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Security-and-Privacy.-.md b/Security-and-Privacy.-.md index da7c77c..bf6b918 100644 --- a/Security-and-Privacy.-.md +++ b/Security-and-Privacy.-.md @@ -33,11 +33,12 @@ sign `checksums.txt` with an offline-controlled release key and publish the public key independently. Checksum signing is listed as a launch gate in the [release checklist](Release-Checklist). -## Runner trust +## Release-machine trust -Release jobs execute on Gitea act runners. Only trusted, isolated runners should -receive release tags or release tokens. Do not run secret-bearing release jobs -from unreviewed fork pull requests. +Release builds execute on a maintainer machine, not on the Gitea server. Use a +trusted, patched machine; keep the release token out of shell history and source +files; scope it to the Hop repository; export it only for the publish command; +and unset it immediately afterward. Releases upload as drafts for review. ## Filesystem safety