{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigajdynimywkp5vafyrwenka76iuvufg3evr366hgxolaxzt2kno4",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmx2sww3xn62"
  },
  "path": "/t/submit-android-apps-to-our-appverifier-database/38125?page=2#post_30",
  "publishedAt": "2026-05-28T21:31:56.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "SLSA • Requirements"
  ],
  "textContent": "ignoramous:\n\n> For build attestations? GitHub is _great_!\n\nI think the workflow we will end up having is self-hosting a copy of data.yml on a privacyguides.org domain, and then recommending people download it from us and verify that download against GitHub with the `gh` commands above. The end goals on our end would be two sources of truth (us & GitHub) and revocable releases of the data.\n\nThere is also a Level 4, FWIW. Looking at SLSA • Requirements, I think we could meet the source/build/provenance requirements for 3 (not 4) with releases. Thanks for the note.",
  "title": "Submit Android apps to our AppVerifier database"
}