bitcoin-core / bitcoincore.org

Bitcoin Core project website
https://bitcoincore.org/
MIT License

Add Flathub verification token #975

Closed achow101 closed 2 months ago

achow101 commented 1 year ago

We publish releases on flathub. Apps published on Flathub can be verified to be published by the actual developers by placing a token on the project website. We should do this so that our releases on flathub show as verified.

Closes: https://github.com/flathub/org.bitcoincore.bitcoin-qt/issues/26.

stickies-v commented 8 months ago

How is the token ee5fdbb1-f509-427a-abf7-812f247d883b generated or verified? I can't seem to find a reference to it on https://flathub.org/apps/org.bitcoincore.bitcoin-qt

achow101 commented 8 months ago

Unfortunately only the package admins can see it.

laanwj commented 5 months ago

Code review ACK

I have too little insight into flatpak's build process to Concept ACK this, as we don't build the flatpak as part of a guix build (no idea if this is even possible) I'm hesitant to call it the same diligence as our normal releases.

achow101 commented 5 months ago

Essentially this just changes the badge on the flathub site from "Unverified" to "Verified". https://docs.flathub.org/docs/for-app-authors/verification/ is some info about verification.

The config files for doing the flatpak releases are at https://github.com/flathub/org.bitcoincore.bitcoin-qt. It essentially just wraps the published guix builds and every update does require setting the hash to the new tarball.

laanwj commented 5 months ago

Thanks. Okay, I see, makes sense, that it just wraps our release binary.

Showing the verified badge makes sense, could distinguish it from backdoored copies.

ACK f3ba3a5fd42c4bd338c0b87fd558dbdadf60356e

fanquake commented 1 month ago

This still shows as unverified: https://flathub.org/apps/org.bitcoincore.bitcoin-qt. Maybe it'll change on the next version bump.

achow101 commented 1 month ago

Shows verified now, there was another button I needed to click.