
Topic: How do i verify Electrum installer on Linux? (Read 205 times)

legendary
Activity: 3612
Merit: 1564
November 16, 2018, 11:52:39 AM
#6
I meant the Electrum dependencies that get downloaded from pypy. These are pip modules written by other authors and not by Thomas V.

legendary
Activity: 1624
Merit: 2481
November 16, 2018, 06:53:37 AM
#5
pip modules are not subject to review. It is indeed possible that backdoors might be introduced via them. 

This itself is not possible IF you trust the developer.

1) PIP is using https. This already eliminates some attack vectors (e.g. MITM).

2) PIP is using checksums (MD5, I believe) provided by the author (in this case ThomasV) to be sure it has not been tampered with.
This is not necessarily safe since MD5 is quite broken. But it at least is SOME security.

However, downloading it manually and checking the signature is more secure and eliminates any risk of maliciously replaced packages (this still requires that you trust the developer).
legendary
Activity: 3612
Merit: 1564
November 16, 2018, 05:23:09 AM
#4
pip modules are not subject to review. It is indeed possible that backdoors might be introduced via them. 

legendary
Activity: 1624
Merit: 2481
November 15, 2018, 01:48:13 PM
#3
That's the preferred way, yes.

I am not aware of a way to verify the version PIP installs automatically.

However, I believe PIP is verifying the signature itself. But I'm not sure about this.
legendary
Activity: 1624
Merit: 2481
November 15, 2018, 07:33:42 AM
#2
To verify electrum on linux:

1. Get ThomasV's PGP key:
Code:
gpg --keyserver pool.sks-keyservers.net --recv-keys 2BD5824B7F9470E6

(verify yourself, don't trust me)

2. Get the signature file (from electrum.org)

3. Verify:
Code:
gpg --verify electrum_signature_file.asc electrum_downloaded_file.tar


You should see this line output (among others):
Code:
Good signature from "Thomas Voegtlin (https://electrum.org) "

That's the important line.
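An added example, not part of the original post, for the check in step 3: instead of looking for the "Good signature" text, which gpg prints for any key in the keyring, it reads gpg's machine-readable `--status-fd` output and accepts only a valid signature whose primary-key fingerprint ends in the expected long key ID. The helper names `sig_ok` and `verify_release` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). sig_ok and verify_release are
# hypothetical helper names chosen for this illustration.

# sig_ok KEYID: reads `gpg --status-fd 1 --verify ...` output on stdin.
# Succeeds only when a VALIDSIG line names a primary-key fingerprint ending
# in KEYID and no bad/expired/revoked signature status is present.
sig_ok() {
    # Refuse short (8-hex) key IDs: they are easy to collide.
    [ "${#1}" -ge 16 ] || return 2
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    found=1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*) return 1 ;;
            "[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*) return 1 ;;
            "[GNUPG:] VALIDSIG "*)
                # Last field is the primary key fingerprint (absent on very
                # old gpg; then nothing matches and the check fails closed).
                fpr=$(printf '%s' "${line##* }" | tr 'a-f' 'A-F')
                case "$fpr" in *"$want") found=0 ;; esac ;;
        esac
    done
    return "$found"
}

# verify_release SIGFILE DATAFILE KEYID: run gpg and apply sig_ok.
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | sig_ok "$3"
}

# Usage, with the file names and key ID from the post:
#   verify_release electrum_signature_file.asc \
#       electrum_downloaded_file.tar 2BD5824B7F9470E6
```

The exit status is 0 only when the signature is valid and comes from the expected key, so the function can gate an install step in a script.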
legendary
Activity: 2870
Merit: 7490
November 15, 2018, 06:27:49 AM
#1
As the title mentioned, how do I verify Electrum on Linux? I'm talking about installing Electrum in the terminal with these commands:
Code:
# Install dependencies:
sudo apt-get install python3-setuptools python3-pyqt5 python3-pip
# Install Electrum:
sudo python3 -m pip install https://download.electrum.org/3.2.3/Electrum-3.2.3.tar.gz#egg=electrum[fast]

Or should I just download Electrum's source, verify its signature and compile it myself?