Ok so basically we download the sigs from
https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS.asc
then the hashes from...
https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS
btw, this is indeed kinda hidden for now it seems, couldn't find it anywhere, not on github, not on bitcoincore.org, though perhaps I did not search hard enough on github..
then?
gpg --verify SHA256SUMS.asc SHA256SUMS
and shasum your individual release and recheck obviously.
Now this kinda assumes I have all the signers imported already. Obviously I don't and I'm not sure I care that much to import them all in a "decentralized - individual" manner (I think that's more or less the intention of this change?)
I'm scrolling to see if I can verify Wladimir's signature with his old (11+) key, but no luck. Any easy way to check the signers and how much authority they hold as someone who isn't that involved?
Edit: I guess the latter part of the question is still somewhat relevant though every individual will probably weigh this differently.
I have a couple names + email addresses - easiest way for now seems to google them and add them individually..? I guess achow's key works. (EDIT: for those wondering: Imported using
https://github.com/bitcoin/bitcoin/blob/master/contrib/builder-keys/keys.txt, which? corresponds with
http://achow101.com/achow101.pgp, and thus? trustworthy) &
gpg --keyserver keyserver.ubuntu.com --receive-keys 152812300785C96444D3334D17565732E08E5E41
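
Added example, not part of the original post or Bitcoin Core's own tooling: one way to handle the case where only some signers' keys are imported, by reading the machine-readable lines from `gpg --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS` and then checking the release hash against SHA256SUMS. The status lines, key id `1111222233334444`, file name, file bytes and function names are constructed for illustration; only the trusted fingerprint comes from the post.

```python
import hashlib

# Fingerprint taken from the post (the key fetched with --receive-keys).
TRUSTED = {"152812300785C96444D3334D17565732E08E5E41"}

def classify_signers(status_text):
    """Sort gpg --status-fd lines into valid / missing-key / bad signers."""
    result = {"valid": set(), "missing_key": set(), "bad": set()}
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "VALIDSIG":
            # Last field is the primary-key fingerprint when a subkey signed.
            result["valid"].add(parts[11] if len(parts) > 11 else parts[2])
        elif parts[1] == "NO_PUBKEY":
            result["missing_key"].add(parts[2])
        elif parts[1] == "BADSIG":
            result["bad"].add(parts[2])
    return result

def release_is_verified(status_text, sums_text, filename, data,
                        trusted=TRUSTED, threshold=1):
    """Accept only if enough trusted keys signed and the file hash matches."""
    signers = classify_signers(status_text)
    if signers["bad"]:  # assumed policy: any bad signature rejects the file
        return False
    if len(signers["valid"] & trusted) < threshold:
        return False
    expected = None
    for line in sums_text.splitlines():
        digest, _, name = line.partition(" ")
        if name.lstrip(" *") == filename:
            expected = digest.lower()
    return expected is not None and hashlib.sha256(data).hexdigest() == expected

# Constructed sample input: one signer we hold a key for, one we do not.
SAMPLE_DATA = b"constructed release bytes\n"
SAMPLE_SUMS = hashlib.sha256(SAMPLE_DATA).hexdigest() + "  example-release.tar.gz\n"
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] VALIDSIG 152812300785C96444D3334D17565732E08E5E41 2021-09-13 "
    "1631500000 0 4 0 1 8 00 152812300785C96444D3334D17565732E08E5E41\n"
    "[GNUPG:] ERRSIG 1111222233334444 1 8 00 1631500000 9\n"
    "[GNUPG:] NO_PUBKEY 1111222233334444\n"
)

if __name__ == "__main__":
    print(classify_signers(SAMPLE_STATUS))
    print(release_is_verified(SAMPLE_STATUS, SAMPLE_SUMS,
                              "example-release.tar.gz", SAMPLE_DATA))
```

Raising `threshold` requires more than one trusted signer to agree; signers reported as `NO_PUBKEY` are listed but never counted.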