The now defunct project Difio contains code and ideas around binary artifact analysis, see
https://github.com/difio/difio/blob/master/analytics.py. These were originally designed for the sake of release testing, for example:

• discover changes in file permissions
• report missing files from previos release
• report too big size changes (in package & individual files)
• scan for viruses

In the past these made it possible to detect some interesting bugs like missing source files in Django tarballs, sudden package size change with +200MB in django-facebook and others.

This is a good way to start automatically checking release artifacts for common scenarios and can be extended with customized checks. @kiwitcms-bot can be made to run these and report into Kiwi TCMS/GitHub issues, code review comments, etc.

Stock implementation & customization can be achieved via GitHub actions (essentially scripts) and all of this can consumed either as stand alone or tightly integrated between GitHub/Kiwi TCMS.