Access Control¶

Repository Access¶

• write access restricted to maintainer(s)
• contributions via pull request only

Release Control¶

• only authorized maintainer can produce official releases
• release artifacts should be reproducible and verifiable

Artifact Trust Model¶

• users should verify artifacts independently
• no implicit trust in distributed binaries or archives

Principle¶

Access is minimized and explicit. Trust is never assumed.