Operations
Releases & Supply Chain
Signed releases, SBOM, reproducible builds.
Cadence
Cipher follows a rolling release-candidate cadence pre-mainnet, then SemVer post-mainnet. Patch releases ship for security and consensus-affecting bugs.
Supply chain
- SHA-256 checksums for every artifact
- CycloneDX SBOM with each release
- Sigstore-signed binaries verifiable with
cosign - Reproducible build instructions in
BUILDING.md