Would you recommend a different distribution mechanism? The Apple binaries are all signed (in accordance with Apple policies), and the team has historically invested significantly in supply chain security. e.g. (a now 2 year old article)
All those words to say that if there was a .github/workflow/release.yml showing the steps required to cook a release artifact that would be the best(?) documentation since it is kind of like a Dockerfile in that it's computer executable but mostly human readable
All those words to say that if there was a .github/workflow/release.yml showing the steps required to cook a release artifact that would be the best(?) documentation since it is kind of like a Dockerfile in that it's computer executable but mostly human readable
I don't mean to poo-poo all the "supply chain security" effort, but you have to recognize that right now it's "trust me, bro" since https://github.com/Homebrew/homebrew-cask/blob/27c351ccb59fb... does check the sha256, and good for them, but gives me no way to trace back to any file in https://github.com/flutter/flutter/tree/3.24.4