Great, just like Electrum,
but just like Electrum, that wont help most newbies since most of them prefer download-install-open method.
Glad they have taken down the site that quick.
but just like Electrum, that wont help most newbies since most of them prefer download-install-open method.
Glad they have taken down the site that quick.
Yes, agreed on the point of users being too lazy to verify by PGP. This point is interesting so went to do some digging online and found this.
Source: https://securityboulevard.com/2018/11/10-rules-for-the-secure-use-of-cryptocurrency-hardware-wallets/
Quote
Users of cryptocurrency software should demand reproducible builds and code-signed executables to prevent tampering by an attacker post-installation. The advantage of code-signing, relative to manual verification with a tool like GPG, is that code signatures are automatically verified by the operating system on every launch of the application, whereas manual verification is typically only performed once, if at all. Even verifiable software, though, can still be subverted at runtime. Recognize that general-purpose computing devices are exposed to potentially risky data from untrusted sources on a routine basis.
Can someone explain:
(1) Why don't these wallets implement the code-signing mechanism mentioned above? If the OS can automatically verify the program at launch each time, isn't this a solution to having users verifying PGP by themselves?
(2) Is it right to say that if the wasabi wallet had the code-signing mechanism implemented, it would have been easier for users to perform the verification as they can easily view the properties of the file to see who the digital signatures belong to (like in this example: https://www.sslsupportdesk.com/how-to-verify-a-digital-code-signing-signature-in-windows/)
Thanks.
