docs: add security warning regarding official vs unofficial distribution channels

This commit is contained in:
Sebastian Palencsar
2026-06-24 18:38:51 +02:00
parent 91f18d8ab5
commit f613f47e98
2 changed files with 16 additions and 0 deletions

View File

@@ -33,6 +33,14 @@ Screenshots: KDE Plasma on Linux.
## Quick Start
> [!CAUTION]
> ### Official Distribution & Security Notice
> We only guarantee the security and integrity of our official distribution channels:
> 1. **Our official Flatpak repository** (`https://flatpak.bearwave.app/`), which is GPG-signed by the author.
> 2. **Our official AUR package** (`bearwave-git`), where the source code is cloned directly from our official GitHub repository and built locally on your machine.
>
> We **do not verify, support, or guarantee** the security of any other third-party binary repositories (such as unofficial repositories on the openSUSE Build Service, private arch repositories, or other third-party package mirrors). Installing from unofficial sources carries security risks, as the binaries are not compiled or controlled by the original author.
Three sensible paths right now:
### Option A: Flatpak (Recommended)

View File

@@ -2,6 +2,14 @@
BearWave is currently in a public beta phase. Security reports are very welcome and should be handled carefully, especially since BearWave processes external internet radio streams and metadata.
## Official Distribution & Security Notice
We only guarantee the security and integrity of our official distribution channels:
1. **Our official Flatpak repository** (`https://flatpak.bearwave.app/`), which is GPG-signed by the author.
2. **Our official AUR package** (`bearwave-git`), where the source code is cloned directly from our official GitHub repository and built locally on your machine.
We **do not verify, support, or guarantee** the security of any other third-party binary repositories (such as unofficial repositories on the openSUSE Build Service, private arch repositories, or other third-party package mirrors). Installing from unofficial sources carries security risks, as the binaries are not compiled or controlled by the original author.
## Supported Versions
During the beta phase, security fixes target the latest code on `main` and the most recent published release when practical.