Developers: Cryptographically sign your crypto wallet releases

in #ethereum8 years ago

I was pleased to notice today, while going through the changelog for ethereum wallet 0.8.3:

PGP-verified releases (#546)

This is long-awaited, and probably more useful than checksums itself (although they have slighty different purposes). Look for the Verified badge in releases and commits.

Github issue #546

This practice has, of course, been in use in the wider open source ecosystem for a long time.

It always struck me as incredibly strange that in a world where it is people's money/value/whatever-you-want-to-call-it that is at stake, such a simple precaution is repeatedly not being taken by crypto-currency projects everywhere.

Checksums are not enough. They serve a different purpose.

Congratulations to the ethereum project for getting it right.

Conclusion

Developers: Sign your releases. Give your users the warm fuzzy feeling (tm).