ErCiccione[m] done. Cannot flush CF cache though, I don't have access yet.

Thanks 🙂. No worries, shouldn't be a problem for these updates

Reddit post with the list of the major updates: reddit.com/r/Monero/comments/esqso7…rg_updated_new_simplified_accepting

great job

:)

Hooray, the blag post is up!

luigi1111 ^

If someone is able to compromise the getmonero.org server and put their own binary on it, wouldn't it also be simple enough for them to change the verification hashes on the web page to match the binary that they put onto the server?

I guess that's why one has to download the signing key hey.

I believe someone mentioned the files are hosted separately from the hashes, but yes, that's the point of checking signatures

Then there's the extra layer of being able to look at other trusted build reproductions

Which ensures that the entity doing the signed hashes used the expected code to build the binaries

Simply downloading, hashing, and comparing (without signature checks) would only avoid some accidental file corruption during download

Yeah, it's a really involved process hey.

Fortunately moneromooo built a tool to help with the verification process

(of course, you have to trust the tool does what you expect)

(but the tool is open source!)

what tool is that? sarang.

might be helpful for next el monero episode. someone mentioned a web interface to verify hashes but i sort of dislike the idea of trusting a site instead of cli, or an open source tool, as you mention.

Here's the tool: github.com/moneromooo-monero/monero-update

Disclaimer: I have not used it personally

thanks for sharing.

Would need to ask moneromooo for any specific further details

It was created after the download server breach

wasn't aware of its creation. will check the documentation out and give it a go so i have a more informed stance when discussing it on the pod.