I’ve put together a set of ICRCs that together form a wasm registry capable of deploy and upgrading canisters via governance(a sort of formalization of what the SNS does plus some other helpful things). One of the items specifically discusses a framework for having third parties verify builds. The actual process, incentives, and security of doing so were purposely left out so that various things could be tried with the same interface.
Specifically ICRC-26 lays out the interface and associated icrc-3 blocks.
As part of this I reserved some space for ICRCs for the actual build process:
Motoko Build Verification - ICRC-128
Rust Build Verification - ICRC-129
Azel Build Verification - ICRC-130
Kybra Build Verification - ICRC-131
C++ Build Verification - ICRC-132
I’d love viewpoints (and maybe contributions?) from @icpp for c++, @timo for motoko, @lastmjs for Azel and Kybra, and I’ll let you rust guys hash it out. :). I don’t know if there is a huge hurry for this but I thought I’d reserve the space as I assume we’ll eventually want to put something down on digital paper. I’ll probably take a swing at formalizing what Timo’s done on the motoko side if Timo doesn’t do it first, closer to when we actually release something as many of the initial modules we’ll put into the system will be motoko.