- GPL-3.0 LICENSE file (required for SignPath Foundation OSS program)
- CODE_SIGNING_POLICY.md (SignPath Foundation requirement)
- .signpath/config.yml (artifact signing configuration)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Code Signing Policy
Overview
InstaDrums uses free code signing provided by SignPath Foundation via SignPath.io.
Signing Certificate
- Certificate provider: SignPath Foundation
- Signing service: SignPath.io
- Certificate type: Open Source Code Signing (EV equivalent for Windows)
Build Process
All signed binaries are built exclusively through GitHub Actions CI:
- Source code: https://github.com/hariel1985/InstaDrums
- Build workflow: .github/workflows/build.yml
- No binaries are signed outside of the CI pipeline
Team Roles
| Role | Responsibility |
|---|---|
| Author | Writes and submits code via pull requests |
| Reviewer | Reviews pull requests before merge |
| Approver | Approves signing requests on SignPath.io |
Privacy
InstaDrums does not collect, transmit, or store any user data. The plugin operates entirely offline and does not make any network connections.
Transparency
- All source code is publicly available under GPL-3.0
- Build artifacts are generated from the public CI pipeline
- Signing requests are logged and auditable via SignPath.io