Public release log + update channel.
Every Dryx release is dual-signed, publicly auditable, and verifiable end-to-end before it touches your machine.
What lives here
log.txt
Append-only record of every official Dryx release. Each line carries the version, SHA-256 of the binary, and the EdDSA signature over its release manifest. Gaps are publicly visible — an unofficial release is detectable by its absence from the log.
appcast.xml
Sparkle 2 update feed for the direct-download channel. Signed with EdDSA per release. Dryx refuses to apply any update whose appcast entry doesn't verify against our public key.
pubkey.txt
The EdDSA public key Dryx uses to verify release manifests. The corresponding private key is held offline on dedicated hardware. The same public key is also compiled into the Dryx binary — they must match, and Dryx surfaces an alert if they don't.
How verification works
Every Dryx release ships with two signatures:
- Apple Developer ID — verified by macOS Gatekeeper at install. Apple-revocable.
- Offline EdDSA — signed by a key Dryx never holds online. Even if Apple revokes our cert, this signature still proves a Dryx release authentic.
Dryx checks both on every launch. If either fails, Dryx refuses to start and surfaces what failed — no silent compromise path.
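The Python below checks a downloaded binary against a saved copy of log.txt and confirms that a newer copy of the log only appends to an older one. It is an added example, not Dryx's own tooling; the line layout (version, hex SHA-256, base64 signature, separated by spaces) and all function names are assumptions, since this page does not specify the file format. It does not verify the EdDSA signature, which covers a release manifest that is not part of the log line.

```python
import hashlib
import hmac
import re

# Assumed line layout (the page does not specify one):
#   <version> <sha256-hex> <base64 EdDSA signature>
LINE_RE = re.compile(r"^(\S+) ([0-9a-f]{64}) ([A-Za-z0-9+/=]+)$")

# Constructed sample data, not real Dryx releases or signatures.
SAMPLE_BINARY = b"constructed stand-in for a Dryx binary"
SAMPLE_LOG = (
    "1.0.0 " + hashlib.sha256(b"older build").hexdigest() + " AAAA\n"
    "1.0.1 " + hashlib.sha256(SAMPLE_BINARY).hexdigest() + " AAAA\n"
)


def parse_log(text):
    """Return {version: sha256_hex}; raise ValueError on bad or conflicting lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: malformed entry")
        version, digest, _sig = m.groups()
        # An append-only log never restates a version with a different hash.
        if entries.get(version, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting hash for {version}")
        entries[version] = digest
    return entries


def check_binary(log_text, version, binary_bytes):
    """Classify a download against the log: 'listed', 'mismatch' or 'absent'."""
    entries = parse_log(log_text)
    if version not in entries:
        return "absent"  # no such official release according to the log
    actual = hashlib.sha256(binary_bytes).hexdigest()
    return "listed" if hmac.compare_digest(actual, entries[version]) else "mismatch"


def is_append_only(old_text, new_text):
    """True if a newer copy of the log only adds lines to an older saved copy."""
    old = [l for l in old_text.splitlines() if l.strip()]
    new = [l for l in new_text.splitlines() if l.strip()]
    return new[:len(old)] == old
```

Keeping a dated copy of log.txt from each check gives `is_append_only` something to compare against the next time the log is fetched.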
For security researchers
Found something? Coordinated disclosure: dryx.ai/security. PGP key + 90-day disclosure window.