Release Trust

Manifest Inputs

• Package name, version, release ID, tarball URL, and release fingerprint.
• Installed-tree fingerprint and sandbox profile fingerprint.
• Launcher minimum version, creation and expiry timestamps, status, signing key ID, and signature.

Blocking Sources

Release status, denylist records, package-security findings, revocation records, and expired manifests can all prevent enrollment or room participation.