Given the recent issues / compromise, could you look into getting releases signed with PGP/GPG. This enable users to be able to trust the software that is on the site for download.
IIRC this had been broached before and knocked on the head as it was too time consuming for Garrett. To work around that I would suggest that Joel create a key and have Garrett sign it, then either person could sign the installers as they are released.
IIRC this had been broached before and knocked on the head as it was too time consuming for Garrett. To work around that I would suggest that Joel create a key and have Garrett sign it, then either person could sign the installers as they are released.