Require signed commits
It looks like Europe is considering requiring browsers to trust government HTTPS certificate authorities.
https://www.eff.org/deeplinks/2021/12/eus-digital-identity-framework-endangers-browser-security
If this amendment becomes law, it could tempt undemocratic countries across the globe to introduce mandatory CAs of their own in order to scan and manipulate Web traffic, something that has already been attempted in Kazakhstan. But this time it won't be easy for browsers to take a stand against such invasive measures...
HTTPS may soon no longer be enough to keep KDE contributors safe, so please prepare ahead of time.