That's not the point. The checksums are fine and gpg says
the signature in itself is correct. What I didn't find is how
to verify that the signature indeed belongs to Jeff.
For signatures on Linux kernel sources, for example,
there is a big web of trust to which most open source
contributors belong.
If you know Jeff personally, that's of course no problem at all.
But in general, signatures without references to such a trust web
cannot warrant that the binaries have not been replaced by
someone else. It's surely paranoid to think about that,
but for a payment system it's also the definitive worst case if
it happens one day.
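The distinction drawn in this post (gpg saying "the signature is correct" versus gpg saying "this key really belongs to the signer") is visible in gpg's own machine-readable output: `--status-fd` emits a `VALIDSIG` line for the first and a separate `TRUST_*` line for the second. The following script is an added example, not code from this thread; it evaluates a captured status transcript and accepts a release only when the signing key either matches a fingerprint pinned out of band (the "you know Jeff personally" case) or is rated fully/ultimately valid by the local web of trust. All fingerprints, key ids and user ids below are constructed placeholders.

```python
"""Decide whether a gpg signature also establishes the signer's identity.

gpg reports two separate things in `gpg --status-fd 1 --verify file.sig file`:
  VALIDSIG  - the signature verifies against some key in the keyring
  TRUST_*   - how valid the web of trust considers that key's identity
Only the pair answers "does this signature belong to Jeff?".
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# Status keywords after which the signature must be rejected outright.
FATAL = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
# Web-of-trust validity levels good enough to act on; MARGINAL, UNDEFINED
# and NEVER are not.
ACCEPTED_TRUST = {"TRUST_FULLY", "TRUST_ULTIMATE"}

# Constructed sample transcripts (placeholder key material, not real keys).
SAMPLE_UNTRUSTED = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CCDDEEFF00112233 Placeholder Releaser <releaser@example.invalid>
[GNUPG:] VALIDSIG 00112233445566778899AABBCCDDEEFF00112233 2011-09-01 1314835200 0 4 0 1 8 00 FFEEDDCCBBAA99887766554433221100FFEEDDCC
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
SAMPLE_TRUSTED = SAMPLE_UNTRUSTED.replace("TRUST_UNDEFINED", "TRUST_FULLY")
SAMPLE_BAD = """\
[GNUPG:] NEWSIG
[GNUPG:] BADSIG CCDDEEFF00112233 Placeholder Releaser <releaser@example.invalid>
"""


@dataclass
class Verdict:
    ok: bool
    reason: str
    signing_fpr: Optional[str] = None
    primary_fpr: Optional[str] = None
    trust: Optional[str] = None


def evaluate(status_text: str, pinned_fprs: Iterable[str] = ()) -> Verdict:
    """Parse a --status-fd transcript; accept only a verified AND identified key."""
    signing_fpr = primary_fpr = trust = fatal = None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        keyword = fields[1]
        if keyword in FATAL:
            fatal = keyword
        elif keyword == "VALIDSIG":
            # Field 2 is the signing (sub)key fingerprint; field 11, when
            # present, is the primary key fingerprint.
            signing_fpr = fields[2].upper()
            if len(fields) > 11:
                primary_fpr = fields[11].upper()
        elif keyword.startswith("TRUST_"):
            trust = keyword

    if fatal:
        return Verdict(False, f"gpg reported {fatal}", signing_fpr, primary_fpr, trust)
    if signing_fpr is None:
        return Verdict(False, "no VALIDSIG line: signature did not verify",
                       signing_fpr, primary_fpr, trust)

    # Case 1: you obtained the fingerprint out of band (in person, phone,
    # a key-signing party). Spaces as printed by gpg are tolerated.
    pinned = {p.replace(" ", "").upper() for p in pinned_fprs}
    if signing_fpr in pinned or (primary_fpr and primary_fpr in pinned):
        return Verdict(True, "signing key matches a fingerprint pinned out of band",
                       signing_fpr, primary_fpr, trust)

    # Case 2: the local web of trust vouches for the key's owner.
    if trust in ACCEPTED_TRUST:
        return Verdict(True, f"web of trust rates the key {trust}",
                       signing_fpr, primary_fpr, trust)

    # Correct signature, unknown signer: exactly the gap the post describes.
    return Verdict(False,
                   f"signature is correct but key validity is {trust or 'unknown'}; "
                   "identity of the signer is unverified",
                   signing_fpr, primary_fpr, trust)


if __name__ == "__main__":
    for name, text in [("untrusted", SAMPLE_UNTRUSTED),
                       ("trusted", SAMPLE_TRUSTED), ("bad", SAMPLE_BAD)]:
        v = evaluate(text)
        print(f"{name:9s} ok={v.ok} reason={v.reason}")
```

In practice the transcript comes from running `gpg --status-fd 1 --verify release.sig release` and feeding its stdout to `evaluate()`; a plain "Good signature" with an "unknown" or "undefined" trust level is the situation the post is warning about, and this check refuses it unless the fingerprint was confirmed through some other channel.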