GitHub now supports immutable releases, which prevents tags associated with a release from being changed or removed after publication.
Enabling this feature for this repository and making a new release (to create an immutable tag) would improve supply-chain security and substantially mitigate the impact of slsa-framework/slsa-verifier#12: an immutable tag, like a hash, is pinned to a specific commit and can't be modified after publication, while not having the problems associated with referencing an SLSA generator by a hash.