Policy

Code Signing Policy

This page states the public code-signing policy for the OpenPets project. We sign our binaries to verify authenticity and integrity.

Free code signing provided by SignPath.io, certificate by SignPath Foundation.

Last updated: July 11, 2026

Trusted Build & Signing Process

Official OpenPets Windows releases are built only by the project's GitHub Actions trusted-build workflow and signed through the configured SignPath release-signing policy.

Project Roles & Responsibilities

Alvin Unreal (GitHub: alvinunreal) is the sole maintainer, committer, reviewer, and signing approver. Changes to release workflows, signing configuration, or packaging code require maintainer review and approval before release packaging.

Signing Scope

Code signing is strictly limited to official OpenPets open-source releases. The private key used is managed securely and is never exposed directly in our repository workflows.

Signing Operations

The SignPath verification and signing process runs as part of our CI/CD workflow. Release signing requests may pause on the GitHub Actions runner pending reviewer manual approval. Approvals must be completed in the SignPath dashboard by the signing approver before publishing proceeds.

Privacy & Network Behavior

Software distribution and runtime updates connect to external systems. OpenPets relies on third-party services like GitHub, SignPath, hosting infrastructure, and package registrars. Disclosures of data and connections are consistent with our Privacy (we do not claim the app runs without network access).

by Alvin