For `project`, improve security of releases (suggestion)

# Context

Today in 2026 we, open source maintainers and users, face a lot of supply chain attacks.
These attacks are based sometimes on maintainers accounts compromises were attackers push rogue version of releases.
It could be nice, like we do in [OUDS iOS](https://github.com/Orange-OpenSource/ouds-ios/releases), to:
- [use the GitHub immutable release](https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases) feature to block the tag in use for a given release
- [use signed tags](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-tags) to proove the tags are legit (with in documentation a way to check the origin of the tag like we did on [OUDS iOS](https://github.com/Orange-OpenSource/ouds-ios/wiki/50-%E2%80%90-About-versions,-releases-and-builds#tags-commits-releases-and-artifacts-signature))

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

For `project`, improve security of releases (suggestion) #15

Context

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

For project, improve security of releases (suggestion) #15

Description

Context

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

For `project`, improve security of releases (suggestion) #15