Trusted Build & Signing Process
Official OpenPets Windows releases are built only by the project's GitHub Actions trusted-build workflow and signed through the configured SignPath release-signing policy.
Policy
This page states the public code-signing policy for the OpenPets project. We sign our binaries to verify authenticity and integrity.
Last updated: July 11, 2026
Official OpenPets Windows releases are built only by the project's GitHub Actions trusted-build workflow and signed through the configured SignPath release-signing policy.
Alvin Unreal (GitHub: alvinunreal) is the sole maintainer, committer, reviewer, and signing approver. Changes to release workflows, signing configuration, or packaging code require maintainer review and approval before release packaging.
Code signing is strictly limited to official OpenPets open-source releases. The private key used is managed securely and is never exposed directly in our repository workflows.
The SignPath verification and signing process runs as part of our CI/CD workflow. Release signing requests may pause on the GitHub Actions runner pending reviewer manual approval. Approvals must be completed in the SignPath dashboard by the signing approver before publishing proceeds.
Software distribution and runtime updates connect to external systems. OpenPets relies on third-party services like GitHub, SignPath, hosting infrastructure, and package registrars. Disclosures of data and connections are consistent with our Privacy (we do not claim the app runs without network access).
Code signing services and infrastructure are provided subject to the SignPath Terms of Service .
by Alvin