Improve Release Provenance #475

@lishaduck


Hey Cosmo! I installed Sine on Windows yesterday 🥳, hit the Trojan warning (but ignored it), and then I finally joined the Discord and immediately was hit with the "Sine is a virus" garbage.

I thought it might be helpful to you if I provided some resources to help out here:

  • Create releases in CI
  • Pin GitHub actions to full-length SHAs (or set up the lockfile once that's GA)
  • Use lockfiles for the project dependencies
  • Build binaries in CI
    • CosmoCreeper/Sine
    • sineorg/bootloader
    • Sineorg/installer
  • Set up immutable releases to ensure releases aren't tampered with (possible with current configuration?)
  • Set up actions/attest to ensure that the binaries are the same as the ones built by CI
  • Get a free signing certificate from SignPath

Obviously, only the last one will help with actually preventing the Trojan warnings, but given how much of a pain it is, that'll be a bit and we really should be doing the rest if we want to actually claim it's secure.
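As an added example (not code from the Sine project or from this issue), a small POSIX sh lint for the "pin GitHub actions to full-length SHAs" item above: it flags every `uses:` step whose ref is a tag or branch rather than a 40-character commit SHA, and runs it against a constructed release workflow that also shows the `permissions` an `actions/attest-build-provenance` step needs. The 40-hex value after `actions/checkout` is a placeholder, not a real commit.

```shell
#!/bin/sh
# Lint a GitHub Actions workflow: every `uses: owner/repo@ref` must reference a
# 40-hex commit SHA, not a tag or branch that can be moved after review.
# Local (./...) and docker:// steps are skipped. Prints each offender and
# returns 1 if any are found, else 0.
check_pinned_actions() {
  offenders=$(awk '
    { sub(/#.*$/, "") }                       # drop trailing comments such as "# v4"
    /^[ \t-]*uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t-]*uses:[ \t]*/, "", ref)     # keep only the action reference
      gsub(/"/, "", ref)
      sub(/[ \t]+$/, "", ref)
      if (ref ~ /^\.\// || ref ~ /^docker:\/\//) next
      n = split(ref, parts, "@")
      pin = parts[n]
      if (n < 2 || length(pin) != 40 || pin !~ /^[0-9a-f]+$/)
        print "UNPINNED: " ref
    }' "$1")
  if [ -n "$offenders" ]; then
    printf '%s\n' "$offenders"
    return 1
  fi
  return 0
}

# Constructed sample release workflow (not from the Sine repositories). The
# 40-hex value after actions/checkout is a placeholder, not a real commit.
write_sample_workflow() {
  cat > "$1" <<'EOF'
name: release
on:
  push:
    tags: ['v*']
permissions:
  contents: read
  id-token: write      # needed by actions/attest-build-provenance
  attestations: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/build
      - uses: actions/attest-build-provenance@v1
        with:
          subject-path: dist/*
EOF
}

# Stand-alone run: lint the constructed sample; the attest step is reported as unpinned.
wf=$(mktemp)
write_sample_workflow "$wf"
if check_pinned_actions "$wf"; then echo "all actions pinned"; fi
rm -f "$wf"
```

Run it over `.github/workflows/*.yml` in each repository; a clean run is the precondition for the attestation step meaning anything, since an unpinned action can rewrite what gets attested.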
