How do I safely use Electron Cash to move BCH out of Electrum?

I was using Electrum to store my BTC offline because I deemed it to be safest. Its open source code was available for review for several years. Now, I have BCH as well because of the fork. It's suggested that I move the BCH into Electron Cash.

I just read that a Bitcoin Gold wallet was a scam and stole coins, so I want to make sure that I'm using a safe wallet.

Electroncash.org has a link that says:

Quote

Please, please, PLEASE... take the time to verify
the authenticty of these files before running them.
This protects you from hackers and malware!
You can find signatures and checksum hashes for all files here.

The above link eventually leads to the signature, which shows:

Quote

3cf91dcc7d86322ca87959aff7573ec4a87d7501 Electron-Cash-2.9.4-macosx.dmg

I downloaded the dmg file and ran the following in my Mac terminal:

Code:

$ shasum Electron-Cash-2.9.4-macosx.dmg
3cf91dcc7d86322ca87959aff7573ec4a87d7501 Electron-Cash-2.9.4-macosx.dmg

I got the expected return (3cf91dcc7d86322ca87959aff7573ec4a87d7501).

I ran the following in my Mac terminal:

Code:

$ codesign --display --deep --verbose=2 Electron-Cash-2.9.4-macosx.dmg && echo $?
Electron-Cash-2.9.4-macosx.dmg: code object is not signed at all
$ codesign --display --deep --verbose=2 "Electron-Cash-2.9.4-macosx.dmg" && echo $?
Electron-Cash-2.9.4-macosx.dmg: code object is not signed at all

What am I doing wrong?

When I open Electron-Cash-2.9.4-macosx.dmg.sig, it shows “View Raw”, which I click on. Then it downloads a file which has:

Quote

à^Z∆¯
!Å
T 1¿,LˇSI ëŒÃˆTcﬁí,É2éi•¿„…,•HÏÀÿs‡MdGﬂ¡S%—Öm$G{Óœ˛6ëM%éiäå<*Ázâo∑bΩƒ

What am I supposed to do with this?

I understand that Electron Cash is a fork of Electrum. Ideally, I would like to see the changes made to the Electrum code, to ensure that no nefarious code is injected into Electron Cash. I understand that the commits are at https://github.com/fyookball/electrum/commits/cash . However, the commits go back to 2016. I stopped scrolling at Oct 15, 2016. Is this a fork of Electrum? I thought Electron Cash was created in July-August of 2017.

Even if these are the commits, am I correct to assume that I would have to click on every commit (such as this one), to review all of the changes?

Has anyone done this already? Has anyone audited this code?

After I have ensured that no nefarious code has been added, I’d like to compile the code from Github on my Mac. But I have no idea how to do this. Can anyone provide the steps?

From Electroncash.org, I downloaded Electron-Cash-2.9.4.tar.gz, which is supposed to have the source code for the Mac. Isn't this risky? How can I ensure that this is not different from the source code on Github?

I read the README.rst and RELEASE-NOTES files from Electron-Cash-2.9.4.tar.gz, but I cannot understand it. Do I run the following in my Mac terminal?

Check out the code from Github:

Code:

git clone git://github.com/fyookball/electrum.git
cd electrum

Run install (this should install dependencies)::

Code:

python setup.py install

Compile the icons file for Qt::

Code:

sudo apt-get install pyqt4-dev-tools
pyrcc4 icons.qrc -o gui/qt/icons_rc.py

Compile the protobuf description file::

Code:

sudo apt-get install protobuf-compiler
protoc --proto_path=lib/ --python_out=lib/ lib/paymentrequest.proto

Mac OS X
--------

Code:

python setup-release.py py2app

hdiutil create -fs HFS+ -volname "Electron-Cash" -srcfolder dist/Electron-Cash.app dist/electron-cash-VERSION-macosx.dmg

Topic: How do I safely use Electron Cash to move BCH out of Electrum? (Read 227 times)