Shameless plug of my own: Last month I shared a post sharing a few thoughts on secure software redistribution, notarization, safe updates, and so on: https://henvic.dev/posts/cs-security/