|
Title: bitcoin core gpg?? Post by: Jason Brendon on January 26, 2023, 05:24:52 PM today i am downloading the gpg keys
https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/builder-keys/keys.txt 404? You the same? Title: Re: bitcoin core gpg?? Post by: digaran on January 26, 2023, 05:34:05 PM Where do you live, and why do you want them?
Title: Re: bitcoin core gpg?? Post by: Jason Brendon on January 26, 2023, 05:36:01 PM Where do you live, and why do you want them? ?? you don't verify the binary? Title: Re: bitcoin core gpg?? Post by: DaveF on January 26, 2023, 05:41:17 PM I'm getting
Didn't check everything I have used recently but thigs I know worked came back 404. Could be a local caching server / front end issue for them or they broke something big. Edit: see below, they are not supposed to be there. BUT my comment is still valid. This IS working from some places (home) but not others (office). https://raw.githubusercontent.com/nginxinc/docker-nginx/1.16.0/stable/stretch/Dockerfile However, I didn't notice it's not a 404 but 400 error that I am getting from the work PC. So 2 different issues that with a quick glance look the same. -Dave Title: Re: bitcoin core gpg?? Post by: NeuroticFish on January 26, 2023, 05:43:51 PM https://github.com/bitcoin/bitcoin/commit/296e88225096125b08665b97715c5b8ebb1d28ec
The keys were removed/moved in 5 January. ?? you don't verify the binary? The recommended way to verify the binary is with the SHA256 hashes, read here: https://bitcoincore.org/en/download/ PS. You may want to move this topic to Dev&Tech, you may get better answers. Title: Re: bitcoin core gpg?? Post by: Jason Brendon on January 27, 2023, 01:14:37 AM https://github.com/bitcoin/bitcoin/commit/296e88225096125b08665b97715c5b8ebb1d28ec The keys were removed/moved in 5 January. ?? you don't verify the binary? The recommended way to verify the binary is with the SHA256 hashes, read here: https://bitcoincore.org/en/download/ PS. You may want to move this topic to Dev&Tech, you may get better answers. yes, but by trusting what the hashes said, i firstly need to make sure it came from the developers, right...? Title: Re: bitcoin core gpg?? Post by: Edwardard on January 27, 2023, 02:03:26 AM yes, but by trusting what the hashes said, i firstly need to make sure it came from the developers, right...? The directory for bitcoin core gpg builder keys have been moved. You may find the list of builder keys here:https://github.com/bitcoin/bitcoin/blob/24.x/contrib/builder-keys/keys.txt (https://github.com/bitcoin/bitcoin/blob/24.x/contrib/builder-keys/keys.txt) I'd suggest you to find and use achow101's keys there (the most active developer and also one of the mod here). Code: 152812300785C96444D3334D17565732E08E5E41 Hope this helps. Let us know. Title: Re: bitcoin core gpg?? Post by: Jason Brendon on January 27, 2023, 03:22:05 AM yes, but by trusting what the hashes said, i firstly need to make sure it came from the developers, right...? The directory for bitcoin core gpg builder keys have been moved. You may find the list of builder keys here:https://github.com/bitcoin/bitcoin/blob/24.x/contrib/builder-keys/keys.txt (https://github.com/bitcoin/bitcoin/blob/24.x/contrib/builder-keys/keys.txt) I'd suggest you to find and use achow101's keys there (the most active developer and also one of the mod here). Code: 152812300785C96444D3334D17565732E08E5E41 Hope this helps. Let us know. yes man, it does help. Looks like i am switching to another branch where the keys.txt is still there. Wonder how to do the same (get the gpg keys) in the master branch. Title: Re: bitcoin core gpg?? Post by: NotATether on January 28, 2023, 02:18:16 PM yes man, it does help. Looks like i am switching to another branch where the keys.txt is still there. Wonder how to do the same (get the gpg keys) in the master branch. The keys in the 24.x branch should also work for the master branch because the binaries made from it are signed with the same set of keys as v24. So if any of the checksums fail to verify with a particular developer's key, then that means you can summarily distrust the changes made by that developer. Title: Re: bitcoin core gpg?? Post by: NeuroticFish on January 28, 2023, 07:51:19 PM In case it helps, I've found that one reason for removing builder keys from main branch is because they are (or should be) available on key servers:
https://keys.openpgp.org/search?q=28E72909F1717FE9607754F8A7BEB2621678D37D https://keyserver.ubuntu.com The exact related issue on bitcoin git is: https://github.com/bitcoin/bitcoin/issues/26566 Title: Re: bitcoin core gpg?? Post by: BlackHatCoiner on January 28, 2023, 09:31:50 PM yes, but by trusting what the hashes said, i firstly need to make sure it came from the developers, right...? It is trivial to check that the hashes from the SHA256 list match the binaries' hashes, but that's not enough, correct. You need to verify a signed message of a Bitcoin Core developer you trust, saying that this specific list is the right one. This forum contains public keys of Bitcoin Core developers: https://bitcointalk.org/verify_pubkeys.txt |