Write up proposal outline for build security
#3688 (closed) is probably just the start of getting our build security where it needs to be, and even that may require a lot of baby steps before the solution is realized.
Once that's done, we should create a build and update deployment process that is akin to the Tor dirauth consensus process: N independent machines creating identical builds and detached signatures, and the build only gets published if all manage to agree.
It will also be a lot of work even to get to a manual version of this process. We should figure out how to break the plan into more baby steps and write funding proposal(s) for them.
The ultimate goal should be to get full funding to deploy our autoupdater with this multi-key validation process so that other organizations can use it. That will require even more funding and work.