• Table of Contents
• General
• Open Source
• Licensing
• Use of Open Source tools
• Code
• Git
• GitHub verified commits and 2FA
• Static analysis
• Security best practices
• Digital Signatures
• Executable signature
• Tamper-proof signed executable
• Update signature
• Overall download signature verification
• General application behaviour
• Data Collection and User Consent
• Data preservation
• GDPR
• Mitigated risks
• Download of Syslinux/GRUB resources
• Hash DB table mitigation
• Remote script execution
• Other
• Reproducible Builds