Coinkite Launches 'BinaryWatch' Hub: Tracks Popular Bitcoin Software Signature Verification
Users can and should verify GPG signatures themselves but this hub automates the process and will sound the alarm if signature verification fails. Currently, these projects are watched: bitcoin_core, blockclock, coldcard, green_qt, joinmarket, lnd, sparrow, wasabi.
- Best practice for software releases is to include GPG signatures to verify that the maintainers of the software are the ones that compiled and released the binary.
- This prevents a man in the middle attack where an attacker replaces a software release with a malicious version.
- Users can and should verify GPG signatures themselves but this hub automates the process and will sound the alarm if signature verification fails.
- Currently, these projects are watched: bitcoin_core, blockclock, coldcard, green_qt, joinmarket, lnd, sparrow, wasabi.
- If you want to add your Bitcoin project to watchlist, email csumchecker@coinkite.com
