Sign Windows releases with MrTrust certificate
@@ -23,6 +23,7 @@ main
|
||||
- [x] External network calls documented for Connected Library.
|
||||
- [x] No private Connected Library credentials are persisted in v1.
|
||||
- [x] Connected Library requires HTTPS manifest and `.mrpack` URLs.
|
||||
- [x] MrTrust signing secrets are expected only as Gitea Actions secrets.
|
||||
|
||||
## Dependency Review
|
||||
|
||||
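Review bot: The ticked item "MrTrust signing secrets are expected only as Gitea Actions secrets" records an expectation rather than a control that was checked. Nothing in this hunk says which workflow or job reads those secrets, or how a reviewer confirms they are absent from the repository, the build logs and the published artifacts. Suggest rewording it as a verifiable statement (which workflow consumes the secrets, that the signing job runs only on release triggers, and that no key material is written to disk outside the runner) and leaving the box unticked until that has been checked.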
@@ -44,6 +45,7 @@ Pending successful Gitea Actions run.
|
||||
- [x] Connected Library manifests are stored locally in SQLite.
|
||||
- [x] Connected Library auto-update is disabled by default.
|
||||
- [x] `GITEA_TOKEN` is only for local agent API checks, not runtime app use.
|
||||
- [x] MrTrust signing does not bypass Defender, SmartScreen, UAC, or enterprise policy.
|
||||
- [ ] Full Tauri runtime permission review pending.
|
||||
|
||||
## Release Notes
|
||||
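Review bot: "MrTrust signing does not bypass Defender, SmartScreen, UAC, or enterprise policy" is marked `[x]`, while the hunk context still reads "Pending successful Gitea Actions run", so the signed build this item describes has not yet been produced. The line also states a limitation, not something a reviewer can tick off. Suggest moving it to the residual-risk notes and replacing the checklist entry with a checkable one, for example that the signature on the built Windows artifact was validated on a machine with the MrTrust chain installed and on one without it.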
@@ -52,4 +54,5 @@ Known residual risks:
|
||||
|
||||
```text
|
||||
Connected Library update behavior is conservative and does not yet implement strict removed-file sync.
|
||||
Windows trust depends on publishing artifacts signed with the same certificate chain installed by MrTrust.
|
||||
```
|
||||
|
||||
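Review bot: The residual-risk line "Windows trust depends on publishing artifacts signed with the same certificate chain installed by MrTrust" leaves out what happens when that chain changes. Suggest documenting the behaviour on certificate expiry, rotation or revocation, whether release signatures are timestamped, and what users who have not installed the MrTrust chain will see when they run the installer, so the release notes describe the failure modes and not only the dependency.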