Add unofficial Debian package repository #4398

Open
wants to merge 2 commits into
base: master

dariogriffo

  • PR Description

  • Please check if the PR fulfills these requirements

  • Docs have been updated if necessary
  • You've read through your own file changes for silly mistakes etc

@ChrisMcD1
Contributor

I'm not familiar with the world of unofficial Debian repositories. And with that lack of familiarity, linking to this naively feels like it could introduce a malicious version of lazygit into someone's machine if your system is compromised.

Is there some reason this wouldn't introduce a new vulnerability into the chain of trust?

@dariogriffo
Author

dariogriffo commented Mar 16, 2025

> Is there some reason this wouldn't introduce a new vulnerability into the chain of trust?

I cannot account for other repos. My build process is public so you can see how the packages are created. Everything is automated and published first to GitHub as artifacts so people can even download those.
But you can verify the integrity simply by checking md5 sums.
I host tools that I use on a daily basis and that have no Debian package.
I'm planning to add in the short term Claude desktop, and yazi, a terminal file manager, but things take time :)

In the end it is a matter of trust; people use lazygit and they don't know if it is doing something in the background with your data.
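
An added example, not part of this PR or of the author's build process: the checksum verification mentioned in the comment above, sketched against the `Size`, `MD5sum` and `SHA256` fields that a Debian repository's `Packages` index lists for each `.deb`. The package bytes, file name and version below are constructed placeholders, and the function names are hypothetical.

```python
import hashlib

# Checksum fields of a Debian `Packages` stanza mapped to hashlib algorithm names.
HASH_FIELDS = {"MD5sum": "md5", "SHA256": "sha256"}

def parse_stanza(text):
    """Parse one RFC 822-style stanza from a Packages index into a dict."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:      # continuation of the previous field
            fields[key] += "\n" + line.strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
    return fields

def verify_deb(data, stanza):
    """Return the stanza fields the .deb bytes fail to match (empty list = match)."""
    problems = []
    if "Size" in stanza and int(stanza["Size"]) != len(data):
        problems.append("Size")
    checked = 0
    for field, algo in HASH_FIELDS.items():
        if field in stanza:
            checked += 1
            if hashlib.new(algo, data).hexdigest() != stanza[field].lower():
                problems.append(field)
    if checked == 0:                             # nothing to compare against: fail closed
        problems.append("no checksum field present")
    return problems

def make_sample():
    """Constructed sample: placeholder package bytes and the stanza describing them."""
    deb = b"!<arch>\nconstructed sample, not a real lazygit package\n"
    stanza = (
        "Package: lazygit\n"
        "Filename: pool/main/l/lazygit/lazygit_0.0.0_amd64.deb\n"
        f"Size: {len(deb)}\n"
        f"MD5sum: {hashlib.md5(deb).hexdigest()}\n"
        f"SHA256: {hashlib.sha256(deb).hexdigest()}\n"
    )
    return deb, parse_stanza(stanza)

if __name__ == "__main__":
    deb, stanza = make_sample()
    print("intact:  ", verify_deb(deb, stanza) or "OK")
    print("tampered:", verify_deb(deb + b"\x00", stanza))
```

A match only shows that the file equals what the index describes; whether the index itself can be trusted depends on the repository's signed `Release` file and on whose key signed it.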
