by jugg1es 1860 days ago
Love the idea. Does this use any sort of checksum to protect the clients from potential attacks to your system? I'd feel uncomfortable using this without security being a primary thing featured on the website and explained in detail. I'd also be nervous using a third party service as my delivery/update mechanism for fear of them going out of business and now I have no way to provide updates.
1 comments

Currently there’s no way of generating checksums or cryptographic signatures as Pakkly doesn’t enforce any structure on apps. They are delivered straight from GitHub releases so the security considerations are the same as downloading from a browser.

I’m developing a CLI tool to allow signing and notarizing your apps and the installer itself. Hopefully that will alleviate some of the concerns you have.

The third-party service angle is understandable, but I’m not certain how it’s any different from any other third-party service.