Release - Security
Hi there
In the light of the recent issue with the attempted implementation of a backdoor via xz, did I and a couple of others discuss solutions, to further increase our security.
It was discussed, that some projects do not release (and due to that - not sign any tarballs, nor officially have someone responsible for that)
The lack of a certified release blurs the line between contributors and maintainer, and is besides that not ideal for packagers either. People also do lack to see the progress done by a certain app, or think its unmaintained at all, if they dont look at the commits. I suggest to regularly release a tarball of kcp. Thanks a lot for all the work you are doing.
Matthias