Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0

Wed, 20 Oct 2021 15:14:26 -0700 

Hello, Owen,
The GPG signature verification has changed for bitcoin core version 22 and later. There were two main changes: 


1) The sha256 checksums are now in a separate file from the GPG 
signatures. So download a new file named "SHA256SUMS" (contains the 
checksums) and also the "SHA256SUMS.asc" which contains the signatures.



2) The signature file now contains multiple signatures. These signatures 
are generated by multiple "builders" who have provided their own public 
keys to verify against. Not all builders will provide a signature for 
each release.



You can find more information at bitcoincore.org/en/download/ [1] under 
the "Linux verification instructions" section - click to expand.



Instructions about where to find and how to import the full list of 
"builder" public keys can be found in the bitcoin core github repo [2].



> I also notice that, as of 22.0, Wladimir is no longer signing the 
releases, and I have no trust in my gpg network of the people who seem 
to have replaced him.



The list of "builder" public keys includes many long-time bitcoin core 
contributors as well as Wladimir's. Caution is always warranted but 
please do not spread unnecessary FUD.


- chill

[1] https://bitcoincore.org/en/download/
[2] https://github.com/bitcoin/bitcoin/tree/master/contrib/builder-keys


On 10/20/21 8:20 PM, Owen Gunden via bitcoin-dev wrote:

On Wed, Oct 20, 2021 at 04:47:17PM +0200, Prayank wrote:

It seems confusing to have two sites that seemingly both represent
bitcoin core.

There is only one website which represents Bitcoin Core full node
implementation. You can download Bitcoin Core from
https://bitcoincore.org

I also notice that, as of 22.0, Wladimir is no longer signing the
releases, and I have no trust in my gpg network of the people who seem
to have replaced him.

Given the level of security at stake here, my eyebrows are raised at
this combination of items changing (new website + new gpg signers at the
same time).

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev






















					Reply via email to