With a project like this it may make sense to use `git`'s GPG signing feature to verify the integrity of the code itself. https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work Just an idea.
With a project like this it may make sense to use
git's GPG signing feature to verify the integrity of the code itself.https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
Just an idea.