Thread

how is it different👀

How DARE you?! 😤

See the release notes section https://bitcoincore.org/en/releases/30.0/

I'm trying to bootstrap my gpg setup for verifying the binaries, but I always have some problem. I've never, before today, tried to use gpg for anything and therefore I don't know what keys to trust Do you use gpg? Any tips? I guess I'm looking for an up-to-date key, where I can see some other evidence (e.g. a PGP key on a Nostr/X profile) that the key is genuine

Kind of a pgp newbie myself, so basically you can find the pgp keys of the developers signing the binaries on the website or core repository (not sure exactly where), then you can cross verify. Many devs have their key fingerprint in github profiles, slides of talks in yt videos, meeting them in person. We can also exchange our key lists here to cross check if we have the same keys, I guess that increases the probability they are legit and we didn't get served wrong keys by the website. Best is probably to verify keys in person with someone in the web of trust that signed other developers keys so there is a chain of signatures between you and the actual devs. Meetups might be a good place to start this.

I eventually did that with one of the signers, after I realised I already followed him on Nostr. So I dug around to find his key and I even got him to confirm it via Nostr