PSA: If you maintain security critical binaries PLEASE seek the help of a security researcher with supply chain attack experience.
I do this for a living. Hit me up.
Don't be a Hashicorp and give your release signing private key to a third party automated system.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!