You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe
As a user when running the desktop wallet I want to be sure that I'm running tested and trusted code and there are no backdoors or any other issues introduced by attackers which could compromise the data I'm handling in my wallet.
Describe the solution you'd like
Doing reproducible builds similar to what we do for unit-e with the gitian builder would provide a decentralized way to validate builds.
Describe alternatives you've considered
Doing a central build from reviewed sources on a trusted system would also be a way to provide a trusted build. This would rely on a central instance doing the build, though.
I haven't looked into how other comparable projects are doing it. Maybe there is something which could be reused from the node or distribution communities. We could do some more research there to broaden our options.
Additional context
One of the biggest problems of doing a trusted build will be the review of dependencies. There have been attacks on wallets through that channel before.
There also have been phishing attacks tricking users to install malicious versions of a wallet. Providing users a reliable way to validate that they have a trusted client would mitigate these issues.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe
As a user when running the desktop wallet I want to be sure that I'm running tested and trusted code and there are no backdoors or any other issues introduced by attackers which could compromise the data I'm handling in my wallet.
Describe the solution you'd like
Doing reproducible builds similar to what we do for unit-e with the gitian builder would provide a decentralized way to validate builds.
Describe alternatives you've considered
Doing a central build from reviewed sources on a trusted system would also be a way to provide a trusted build. This would rely on a central instance doing the build, though.
I haven't looked into how other comparable projects are doing it. Maybe there is something which could be reused from the node or distribution communities. We could do some more research there to broaden our options.
Additional context
One of the biggest problems of doing a trusted build will be the review of dependencies. There have been attacks on wallets through that channel before.
There also have been phishing attacks tricking users to install malicious versions of a wallet. Providing users a reliable way to validate that they have a trusted client would mitigate these issues.
The text was updated successfully, but these errors were encountered: