sha1sum file is not gpg verified

OutCast3k / coinbin

Javascript Bitcoin Wallet. Supports Multisig, Stealth, HD, SegWit, Bech32, Time Locked Addresses, RBF and more!

https://coinb.in/

MIT License

906 stars 621 forks source link

sha1sum file is not gpg verified #179

Open steveeq1 opened 5 years ago

steveeq1 commented 5 years ago

I am downloading the coinbin.zip file and running on my local drive for security reasons. I notice that there is a "sha1sum" file with checksums for the contents of the zip file. Is there anyway this can be signed with a gpg key so i can make sure the checksum file hasn't been tampered with by a hacker? Is there any other way to gpg verify the zip file in some way?

yottalogical commented 5 years ago

You could always compare the sha1sum file to the one on GitHub to make sure it hasn't been tampered with.

monperrus commented 3 years ago

yes! it would be great that the Github release page also contains GPG signatures. thanks :)