* Sign packages with cryptographic keys * Check package updates vs those keys * Ensure code isn't changed in transit (deployment/installatioon)
