@Brainhack @unman thanks a lot for your suggestion
if i understand it correctly, maybe, in short,
you suggest me to hide from supply chain attack / man in the middle attack ?
but in my opinion, we should be able, to find a way,
to protect ourselves, from supply chain attack, without hiding,
because, if we have to hide, from supply chain attack,
then how Purism, Insurgo, & Qubes developer, etc, also its server / repository,
protect itself from supply chain attack, in their development process ?
Assuming that everyone involved, in the development,
are working remotely, or maybe not at the same location,
in example,
Librem & Insurgo also need supply chain, to download Qubes & Coreboot / Heads,
Qubes developer also need supply chain, to download / deliver their work to server / repository,
Maybe by using authentication & verification,
we can protect system from supply chain attack,
but i read in the Qubes documentation,
saying that the compromised devices,
also can give us correct authentication & verification,
regardless the fact that it has been compromised.
Also, many famous people (ie. artist & politician), who cannot hide,
since everyone involved in the supply chain, also know them, wherever they go,
how do they protect themselves from supply chain attack.