PGP-Signatures of Feathercoin-binaries
-
Hi,
why can’t you also provide the corresponding signatures at the download page:
???
Clearly, an experienced user will dig deeper and will look into the github-repository (which can also be found at the page above):
https://github.com/FeatherCoin/Feathercoin
There, one has to find the link to the release history (below “What is Feathercoin?”):
https://github.com/FeatherCoin/Feathercoin/releases
Here, signatures can be found (asc-files). However, still the public key-ID is missing, with which the binaries can be verified. Obviously, a
gpg --verify feathercoin-0.13.0-linux32.tar.gz.asc feathercoin-0.13.0-linux32.tar.gz
tells one which key must be imported: 4751434E. So asking
for “peter bushnell” returns
https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=peter+bushnell&fingerprint=on
At least this seems fine even though the key was registered 2018-02-19 and thus is quite new. Anyone could have provided the binaries and anyone could have registered the key under the name “peter bushnell”.
Is it so hard to put also the signatures as well as the key-ID on the download page?
Regards,
cu -
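The check described in the post above, taken one step further, as an added example that is not part of the original thread or of the Feathercoin project: instead of trusting the 8-digit key ID that `gpg --verify` prints, compare the full fingerprint in gpg's machine-readable status output with one published out of band (for example on the download page). The fingerprints and status lines are constructed, and `check_status`, `sample`, `PINNED` and `LOOKALIKE` are hypothetical names.

```python
import re

# Constructed fingerprints (not real keys): two different keys, same short ID 4751434E.
PINNED    = "0123456789ABCDEF0123456789ABCDEF4751434E"
LOOKALIKE = "FEDCBA9876543210FEDCBA98765432104751434E"
FAILURES = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def check_status(status_text, pinned_fpr):
    """Decide from gpg status lines whether the pinned key made the signature.

    status_text is what `gpg --status-fd 1 --verify FILE.asc FILE` writes.
    Returns (ok, reason).
    """
    pinned = pinned_fpr.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", pinned):
        return False, "pin must be a full 40-hex fingerprint, not a short key ID"
    signers = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in FAILURES:
            return False, "gpg reported " + keyword
        if keyword == "VALIDSIG" and args:
            # Field 1 is the signing (sub)key, field 10 the primary key fingerprint.
            primary = args[9] if len(args) >= 10 else args[0]
            signers.append({args[0].upper(), primary.upper()})
    if not signers:
        return False, "no VALIDSIG line, signature not verified"
    if any(pinned not in fprs for fprs in signers):
        return False, "valid signature, but not from the pinned key"
    return True, "valid signature from the pinned key"

def sample(fpr):
    """Build constructed status output for a good signature made by key `fpr`."""
    return ("[GNUPG:] NEWSIG\n"
            "[GNUPG:] GOODSIG %s Example Signer <signer@example.invalid>\n"
            "[GNUPG:] VALIDSIG %s 2020-01-01 1577836800 0 4 0 1 8 00 %s\n"
            % (fpr[-16:], fpr, fpr))

if __name__ == "__main__":
    print(check_status(sample(PINNED), PINNED))        # pinned key signed
    print(check_status(sample(LOOKALIKE), PINNED))     # same short ID, other key
    print(check_status(sample(PINNED), "4751434E"))    # short ID is not a pin
    print(check_status("[GNUPG:] NO_PUBKEY 89ABCDEF4751434E\n", PINNED))
```

A signature that gpg reports as good still fails this check when it comes from a different key that merely shares the short ID or the name.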
hello @curiosity81
I’m not sure I follow. All the links on www.feathercoin.com map back to github…
Are you asking for the PGP keys to be linked on the main site?
-
Hi AcidD,
> Are you asking for the PGP keys to be linked on the main site?
Exactly! This is what I am complaining about. It would be much better to list or link the gpg public keys prominently at www.feathercoin.com. As well as the forum ID of the person to whom the keys belong.
It’s like: “Hey guys, even if I cannot fully prove that the correct person has built the binaries but here is the link to the gpg public keys. If I am a hacker then I must have hacked the feathercoin main page, the github repository as well as the corresponding forum account. This is very very unlikely.”
Last but not least, each coin project “hides” the signatures and keys differently. And it is often some work to get the needed information. If google is necessary to find this information, then it is too hard for the average person to verify the binaries.
And if someone uses an unverified and altered binary and loses real money, then this is bad publicity for feathercoin. (Showing that “There is no such thing as bad publicity” is not always true!)
Best regards,
cu -
Hi @curiosity81
Thanks for this suggestion, I’ve raised it with our Team.