Because we give a lot of power to the CI jobs on our GitLab, we need some guarantees about the binaries used in the stack (see our [Container images policy](https://tails.net/contribute/working_together/GitLab/container_images/)). We should consider whether having signed images could improve those guarantees and whether the cost of implementing that is justifiable.