[bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
Charles Hill
chill at degreesofzero.com
Wed Oct 20 19:43:27 UTC 2021
Hello, Owen,
The GPG signature verification has changed for bitcoin core version 22
and later. There were two main changes:
1) The sha256 checksums are now in a separate file from the GPG
signatures. So download a new file named "SHA256SUMS" (contains the
checksums) and also the "SHA256SUMS.asc" which contains the signatures.
2) The signature file now contains multiple signatures. These signatures
are generated by multiple "builders" who have provided their own public
keys to verify against. Not all builders will provide a signature for
each release.
You can find more information at bitcoincore.org/en/download/ [1] under
the "Linux verification instructions" section - click to expand.
Instructions about where to find and how to import the full list of
"builder" public keys can be found in the bitcoin core github repo [2].
> I also notice that, as of 22.0, Wladimir is no longer signing the
releases, and I have no trust in my gpg network of the people who seem
to have replaced him.
The list of "builder" public keys includes many long-time bitcoin core
contributors as well as Wladimir's. Caution is always warranted but
please do not spread unnecessary FUD.
- chill
[1] https://bitcoincore.org/en/download/
[2] https://github.com/bitcoin/bitcoin/tree/master/contrib/builder-keys
On 10/20/21 8:20 PM, Owen Gunden via bitcoin-dev wrote:
> On Wed, Oct 20, 2021 at 04:47:17PM +0200, Prayank wrote:
>>> It seems confusing to have two sites that seemingly both represent
>>> bitcoin core.
>> There is only one website which represents Bitcoin Core full node
>> implementation. You can download Bitcoin Core from
>> https://bitcoincore.org
> I also notice that, as of 22.0, Wladimir is no longer signing the
> releases, and I have no trust in my gpg network of the people who seem
> to have replaced him.
>
> Given the level of security at stake here, my eyebrows are raised at
> this combination of items changing (new website + new gpg signers at the
> same time).
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
More information about the bitcoin-dev
mailing list