@ax3 @captainepoch i guess keeping the keys safe whilst having a compromised builder limits them to having to put compromised artifacts on the builder to get shipped to signing, as opposed to being able to more easily sign shit themselves.

its better than nothing? though i don't understand the threat model :comfywoozy: