Sjors Provoost

> * Once a user starts an application the first time, it checks it's installers hash (the .dmg file) against Apples notarization server and if the hash has an approved...

This sounds like a reasonable approach to me.

Concept ACK, but I prefer this to be in the wallet tool.

The wallet tool is just as available as the RPC. We can print the necessary incantation in the help if needed. It does make sense to have an upgrade button...

I'm tempted to suggest that we shouldn't touch the original wallet, especially with the way this handles watch-only addresses. Maybe it's better to create two new wallets (if there's any...

Maybe rename the old one to `…-archive-DATE`?

True. I suppose the upgrade is only potentially confusing for users with a mix of spendable and watch-only addresses. So perhaps there could be two seperate flows: 1. Spendable OR...

> I don't think it's necessary to open the backup and then require the user to close it. Another idea could be to refuse the migration if the wallet contains...

@achow101 I sent you a signet wallet with some watch-only keys that didn't migrate correctly.

It would be good to explicitly test wallets with coinbase transactions on `pk()` "addresses", since afaik that's what the built-in miner used.