Add verification steps to README #607
bob-2.0.0-arm64.dmg wasn't signed BTW.
Thanks for the PR! Yeah even if many won't verify (:disappointed:), having a section may persuade a few more to do so.
README.md
Outdated
@@ -24,6 +24,25 @@ For macOS users, Bob is also available through the [Homebrew](https://github.com | |||
brew install kyokan-bob | |||
``` | |||
|
|||
## How to Verify Bob Wallet |
## How to Verify Bob Wallet | |
## Verify downloaded binaries |
or similar to match other headings
The previous section's title is "How to Install Bob Wallet". I tried to match it. Technically "downloaded binaries" is obviously more precise. Also I tried to match the previous title's "camel case". Probably `### Verify downloaded binaries` would be better, we could nest it inside "How to Install Bob Wallet". Let me know what you think.
Hah you're right, the first heading also doesn't match the others, maybe that can change too (`Install` or `Installation` or something).
Yeah makes sense to have verification under install.
## How to Verify Bob Wallet | ||
|
||
1. Download a _SHA256SUMS.asc_ file included into the release | ||
2. Paste the file's content into https://keybase.io/verify and click "Verify" |
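Review bot: Step 2 stops at clicking "Verify" without saying what a successful result looks like or which signer the reader should expect, so as written a reader cannot tell a signature made by a maintainer from one made by an unrelated Keybase account. Name the expected signer(s) next to this step, and add a step that computes the SHA-256 of the downloaded binary and compares it with the matching line in _SHA256SUMS.asc_, since none of the steps visible here ties the signed checksums back to the file the user actually downloaded. It is also worth documenting a local check (gpg --verify on the file) for readers who prefer not to paste into a third-party site. Minor wording in step 1: "included in the release" rather than "included into the release".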
I think the idea here was to keep it as short as possible? It makes sense. I'm just thinking if we can say what to expect after clicking "verify". And do they compare the signer's username somewhere? Maybe we should add a SECURITY.md like what `hsd` does and mention it here: https://github.com/handshake-org/hsd/blob/master/docs/install.md wdyt?
> I think the idea here was to keep it as short as possible?

I wanted to contribute with this, a more concise guide enabled me to make it iteratively and submit this PR. A more comprehensive guide and a list of PGP keys would be better. Ok, I can add SECURITY.md and link it here. A final goal is to make a clear guide on how to verify the release binaries.
The SECURITY file looks great, even linked in the readme! Everything looks good to me, just a nit: order the signers list in alphabetical order (swap the 2 lines in both places)? And squash if you want to after this, then we can merge this :D
Done ✅
Indeed. I noticed the SHA256SUMS.asc file and it wasn't straightforward for me how to use it. I'm a semi power user here, not experienced with this stuff, but was able to understand it could be used.
@rithvikvibhu the PR should be ready for another review round. Once you approve I'll squash the commits into one.
Useful comprehensive guides:
- https://www.reddit.com/r/Bitcoin/wiki/verifying_bitcoin_core
- https://bitcoincore.org/en/download/
- https://bitcoin.stackexchange.com/questions/50185/how-to-verify-bitcoin-core-release-signing-keys
- https://www.getmonero.org/resources/user-guides/verification-allos-advanced.html
- https://docs.wasabiwallet.io/using-wasabi/InstallPackage.html
- https://help.ubuntu.com/community/HowToSHA256SUM

Re:
- #436
- #280
- #478 (comment)
- #214

This new section could be linked/included into release tags.

[ci skip]
Sorry, I used a wrong user and had to delete the repo. Will redo later when not in a hurry.
Unfortunately, after deleting my original fork I can't update this PR, so I had to create a new one. See #612. It wasn't my cleanest commit history... A good lesson not to do things in a hurry.