How do we ensure that the MyMonero executable is legit? The sha hashes are published on GitHub, but where is the maintainer's public key to check that he signed the executable or zip file? That's the only sure shot of confirming that the file is not tampered with.
1 Answer
At the moment, the releases up until now haven't been signed.
What is possible at the moment is you could clone the existing GitHub repository at https://github.com/mymonero/mymonero-app-js and build the desktop app from source. We realise this is a bit cumbersome.
That said, there will be a new version released soon with GPG-signed hashes, and all future versions will be signed in the same fashion.
Hope that helps.

Karl Buys
- Karl - any progress on GPG verification for the app? – luckman212 Oct 29 '20 at 23:20
- Also see https://github.com/mymonero/mymonero-app-js/issues/297 – luckman212 Nov 16 '20 at 15:06
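
The check discussed in this thread, as an added example that is not part of the original posts or the MyMonero project: compare a download against a published hash list and, once a signed list exists, require a signature from a pinned key first. Assumptions: SHA-256 sums in `sha256sum` format, constructed file names, and `PINNED_FPR` as a placeholder for a fingerprint obtained out of band (the page does not publish one).

```shell
#!/bin/sh
# Added example. Assumptions: hashes are SHA-256 in `sha256sum` format,
# file names contain no spaces, and PINNED_FPR is a placeholder for the
# maintainer's key fingerprint obtained out of band (not given on the page).
PINNED_FPR="${PINNED_FPR:-0000000000000000000000000000000000000000}"

# check_sig SUMS SIG: succeed only if SIG is a valid detached signature over
# SUMS made by the pinned key (matched as signing key or as its primary key).
# Fails closed: no gpg, no key, or a bad signature all return non-zero.
check_sig() {
  gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
    awk -v f="$PINNED_FPR" '
      $2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 }
      END { exit !ok }'
}

# check_hash FILE SUMS: 0 = match, 1 = mismatch, 2 = FILE not listed in SUMS.
check_hash() {
  name=$(basename "$1")
  # Look up the expected hash by file name; strip the "*" binary-mode marker.
  expected=$(awk -v n="$name" '
    { f = $2; sub(/^\*/, "", f) }
    f == n { print tolower($1); exit }' "$2")
  [ -n "$expected" ] || return 2
  actual=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$actual" = "$expected" ]
}

# verify_release FILE SUMS [SIG]: check the signature on the hash list first
# (when one is supplied), then the file against the list. Returns 3 on a bad
# or unverifiable signature, otherwise the result of check_hash.
verify_release() {
  if [ -n "${3:-}" ]; then
    check_sig "$2" "$3" || { echo "BAD SIGNATURE on $2" >&2; return 3; }
  else
    # Unsigned list: a match shows the file equals what the listing says,
    # not who produced the listing.
    echo "warning: $2 is unsigned; a match proves integrity only" >&2
  fi
  check_hash "$1" "$2"
}
```

Call it as `verify_release app.zip SHA256SUMS SHA256SUMS.asc`; without the third argument only the hash comparison runs.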