Without the prospect of reproducibility, probably have images built on runners with reputation to lose like GitHub, CircleCI, etc. with the job output printing the binary's hash.

Replies (1)

I'd probably do some cursory review of the fork diff to understand how the new dependencies are being sourced. A niche fork is always going to get less review and a Bitcoin-focused fork is going to be a target.