@koeppelmann @IPFS Yeah 100% agree! We need a full hash-linked, signed, audited software supply chain, at *every* level, for *every* piece of code. Every mutable reference in a security critical context should be considered harmful. This is only going to get dramatically worse as AI improves.