This could be very beneficial for quick security patches, not just for HyperDEX but also any binaries we bundle.
However could also have security implications, if the update process was compromised then an attacker could instantly gain access to all HyperDEX users funds.
We could make an attack like this extremely unfeasible by also requiring the updates to be signed with one (or maybe multiple PGP keys). These could be owned by trusted developers, members of SuperNET etc.
An attacker would have to compromise the update process as well as all of the required PGP keys to successfully push an update.
This could be very beneficial for quick security patches, not just for HyperDEX but also any binaries we bundle.
However could also have security implications, if the update process was compromised then an attacker could instantly gain access to all HyperDEX users funds.
We could make an attack like this extremely unfeasible by also requiring the updates to be signed with one (or maybe multiple PGP keys). These could be owned by trusted developers, members of SuperNET etc.
An attacker would have to compromise the update process as well as all of the required PGP keys to successfully push an update.