Provide binary downloads as attachments to Github Releases

[gdevenyi]

Instead of providing downloads from a potentially comprisable host (xpra.org), you can attach official binaries to the Github releases for download.

https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository

[totaam]

I very much doubt that we can attach hundreds of gigabytes to github.
That's the size of the download directory.
To compromise xpra.org, one would need to compromise my systems, at which point they could also publish compromised binaries to github.

[gdevenyi]

Sure, I don't think it makes sense for the linux stuff, but for OSX and Windows, it may convince the security scanners that the software isn't so scary.

[totaam]

The problem with the scanners is their new smart "AI" scanning which sees things like keylog (shorthand for keyboard logging) in the xpra source and then decides that this is malware.
The APIs that we use are also the same that real malware use: capturing keyboard input, watching the screen etc.
I don't think that the download URL is used by the virus scanners at that point.

[totaam]

The proper way to bypass the anti-virus nonsense is probably to go via the appstore for MacOS (#1366) and MS Windows (#3923).