by buss 1858 days ago
Very cool idea, but my first thought is a worry that this will turn into Trojans-as-a-service. The last thing I want, as a developer, is to hand over a binary build to an untrusted third party that's injecting unauditable code into my app. You need to provide transparency to hit the market you're after.

It seems publishing to https://sigstore.dev/ and having your update agent use that would be a solid starting point for smaller developers.
See the recent Codecov compromise for how this can go wrong.
That’s a valid concern, but Pakkly has never and never will modify your app. It will be installed exactly as-is, with a proxy launcher to facilitate updates. I’m also working on getting that launcher PGP signed so you can verify it’s from us.
> Pakkly (…) never will modify your app.

Realistically, are you able to make that promise? In practice that would mean you could never sell the company, because current promises go out the window in that scenario (see every company acquired by Facebook).