acottuli
commented
11 hours ago As a workaround, I ended up installing the latest nightly build instead of the latest release build, but it's worth noting that the latest version on the Releases page is the only currently supported version.
In case you hadn't realised the GHA logs containing the SHA of the latest zip file (i.e. v2.4.1)[1] have expired[2], which means the build process is no longer auditable[3].
Unfortunately it doesn't look like there is much you can do about this other than to rebuild the binaries every 90 days[4].
[1] https://github.com/maxgoedjen/secretive/releases/ [2] https://github.com/maxgoedjen/secretive/actions/runs/7648958148/job/20842568707 [3] https://github.com/maxgoedjen/secretive/blob/main/FAQ.md#why-should-i-trust-you [4] https://docs.github.com/en/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization