I'd definitely use the fork if I was satisfied by the trust assumptions in the build process.
Replies (2)
I agree but what would that involve?
Without the prospect of reproducibility, probably have images built on runners with reputation to lose like GitHub, CircleCI, etc. with the job output printing the binary's hash.
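The consumer side of that last suggestion, as an added example that is not part of the thread: check a downloaded image against the hash printed in the CI job output. The `sha256sum`-style log line, the file name `app.img` and all function names are assumptions; a match only shows the image is the one the runner produced, so the trust in the runner itself remains.

```python
import hashlib
import hmac
import re

# Assumed log layout: optional prefix (e.g. a timestamp), then the line that
# `sha256sum` prints: 64 hex chars, a space, ' ' or '*', and the file name.
HASH_LINE = re.compile(r"\b([0-9a-f]{64}) [ *](\S+)\s*$")


def published_hashes(job_log: str) -> dict[str, str]:
    """Map artifact name -> digest found in the job output.

    A name printed with two different digests is rejected instead of
    silently keeping one of them.
    """
    found: dict[str, str] = {}
    for line in job_log.splitlines():
        match = HASH_LINE.search(line)
        if not match:
            continue
        digest, name = match.groups()
        if found.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests published for {name}")
    return found


def verify_artifact(name: str, data: bytes, job_log: str) -> bool:
    """True only if the job output lists `name` and its digest matches `data`."""
    expected = published_hashes(job_log).get(name)
    if expected is None:
        return False  # fail closed: no published hash means no verification
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed sample input: stand-in image bytes and a job log built from them.
SAMPLE_IMAGE = b"constructed image bytes\n"
SAMPLE_LOG = "\n".join([
    "2024-01-01T00:00:00Z Build finished",
    f"2024-01-01T00:00:01Z {hashlib.sha256(SAMPLE_IMAGE).hexdigest()}  app.img",
])

if __name__ == "__main__":
    print("download matches job output:",
          verify_artifact("app.img", SAMPLE_IMAGE, SAMPLE_LOG))
    print("tampered download accepted:",
          verify_artifact("app.img", SAMPLE_IMAGE + b"x", SAMPLE_LOG))
```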