09:09:56 <binaryFate> ErCiccione[m] done. Cannot flush CF cache though, I don't have access yet.
09:10:52 <ErCiccione[m]> Thanks 🙂. No worries, shouldn't be a problem for these updates
09:38:02 <ErCiccione[m]> Reddit post with the list of the major updates: https://www.reddit.com/r/Monero/comments/esqso7/getmoneroorg_updated_new_simplified_accepting/
10:40:54 <binaryFate> great job
10:53:25 <ErCiccione[m]> :)
11:11:16 <sarang> Hooray, the blag post is up!
11:30:31 <ErCiccione[m]> https://repo.getmonero.org/monero-project/ccs-proposals/merge_requests/102#note_8619
11:30:31 <ErCiccione[m]> luigi1111 ^
13:00:07 -xmr-pr- dginovker opened issue #1044: Merchants Page is a little borked on Mobile
13:00:07 -xmr-pr- > https://repo.getmonero.org/monero-project/monero-site/issues/1044
19:39:00 <Mochi101> If someone is able to compromise the getmonero.org server and put their own binary on it, wouldn't it also be simple enough for them to change the verification hashes on the web page to match the binary that they put onto the server?
19:41:26 <Mochi101> I guess that's why one has to download the signing key hey.
19:42:53 <sarang> I believe someone mentioned the files are hosted separately from the hashes, but yes, that's the point of checking signatures
19:43:32 <sarang> Then there's the extra layer of being able to look at other trusted build reproductions
19:43:52 <sarang> Which ensures that the entity doing the signed hashes used the expected code to build the binaries
19:44:38 <sarang> Simply downloading, hashing, and comparing (without signature checks) would only avoid some accidental file corruption during download
19:47:40 <Mochi101> Yeah, it's a really involved process hey.
20:20:51 <sarang> Fortunately moneromooo built a tool to help with the verification process
20:21:01 <sarang> (of course, you have to trust the tool does what you expect)
20:21:09 <sarang> (but the tool is open source!)
20:24:51 <rottensox> what tool is that? sarang.
20:25:33 <rottensox> might be helpful for next el monero episode. someone mentioned a web interface to verify hashes but i sort of dislike the idea of trusting a site instead of cli, or an open source tool, as you mention.
20:27:20 <sarang> Here's the tool: https://github.com/moneromooo-monero/monero-update
20:27:26 <sarang> Disclaimer: I have not used it personally
20:27:39 <rottensox> thanks for sharing.
20:27:52 <sarang> Would need to ask moneromooo for any specific further details
20:28:00 <sarang> It was created after the download server breach
20:28:44 <rottensox> wasn't aware of its creation. will check the documentation out and give it a go so i have a more informed stance when discussing it on the pod.