Appreciating your engagement with community feedback and the transition to a milestone-based proposal structure reflects a positive step towards aligning with Polkadot governance expectations. This structure promotes transparency and accountability, crucial for fostering community trust.

Despite the benefits of EV certificates in enhancing trust through Microsoft's SmartScreen, they do not authenticate the source code or ensure the security of the build process itself. The current practice of publishing SHA-512 hashes without corresponding PGP signatures represents a significant security gap. These hashes, while useful for verifying download integrity, offer no assurance regarding the origin or the absence of tampering before publication. This is compounded by the fact that the binaries themselves are not signed with PGP keys, further diluting the trust model.

For a more robust and transparent release workflow, we urge you to consider the practices where binaries are not only built but also signed as part of their release workflow (e.g., genpeerid build workflow). This approach significantly enhances trust in the binaries by ensuring they are directly traceable to their source, authenticated, and have not been tampered with post-build.

Given the strong interest from stakeholders in seeing Infinity Wallet support the ecosystem, we are inclined to adjust our position in favor of your proposal. Nonetheless, this support is contingent upon your willingness to incorporate external audits for each release. While the current proposal may not need to detail the budgeting specifics for these audits, it is essential that Infinity Wallet acknowledges and accepts the necessity of such audits. Our community can assist in identifying qualified members/team to conduct these audits and produce public reports, enhancing the overall security posture and confidence in the Infinity Wallet as a critical infrastructure component within the Polkadot ecosystem.

In conclusion, to shift our vote to support, we require at least a clear commitment from the Infinity Wallet team improve binary signing CI, began to publish changelogs for releases and engage in the previously proposed auditing process. This stance is an exception to our usual voting habits, particularly given our reservations towards endorsing proposals for closed-source projects in highly sensitive areas such as wallets.

One of the best proposals with substantial value add we have ever had from a wallet