|
pf (OP)
|
 |
April 19, 2014, 03:36:10 PM |
|
The Bitcoin website, https://bitcoin.org, provides links to both binaries and source code of Bitcoin Core (Bitcoin-Qt). I would say that 99% of people just download the binaries and trust them. Is there any way to verify that the binaries were actually produced from the advertised source code? |
|
|
|
|
|
|
|
|
|
|
|
|
|
Each block is stacked on top of the previous one. Adding another block to the top makes all lower blocks more difficult to remove: there is more "weight" above each block. A transaction in a block 6 blocks deep (6 confirmations) will be very difficult to remove.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
ncsupanda
Legendary
 Offline
Activity: 1628
Merit: 1012
|
|
April 19, 2014, 04:06:05 PM |
|
You could always compile it yourself.
Most people have trouble with the dependencies, and admittedly in the past this included me, so we just accept the binaries and move on.
Do you believe there is a fake going around? Would be interesting.
|
|
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
April 19, 2014, 04:12:26 PM |
|
Is there any way to verify that the binaries were actually produced from the advertised source code?
Compile the source using gitian and check that the generated binaries are identical to the published ones. |
|
|
|
|
cr1776
Legendary
Offline
Activity: 4032
Merit: 1301
|
|
April 19, 2014, 07:55:37 PM |
|
On the download page on bitcoin.org you can click the link "Verify signature releases" which will download the signatures and then you can use the signatures to verify it is the correct release.
E.g something like
gpg --verify ...
|
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12983
|
|
April 20, 2014, 01:02:52 AM |
|
Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
April 20, 2014, 04:11:44 AM |
|
Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.
Is this is preferred process? http://gitian.org/ |
|
|
|
|
|
bitsmichel
|
|
April 20, 2014, 01:52:15 PM |
|
First compare the code you have downloaded with the original.
Then compile it.
|
|
|
|
oleganza
Full Member
Offline
Activity: 200
Merit: 104
Software design and user experience.
|
|
April 20, 2014, 02:10:45 PM |
|
Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.
Where can I read more about this environment? I'm very interested in having the same thing for my own app. |
Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
April 20, 2014, 02:19:28 PM |
|
Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.
Where can I read more about this environment? I'm very interested in having the same thing for my own app. I'm very sure it's http://gitian.org/ |
|
|
|
|
|
|
|
