Lucas Ontivero
Lucas Ontivero
I cannot review this PR, @SuperJMN. I can only ACK the concept, what I do.
PGP is not necessary for download verification.
> @lontivero how come? Is it because we strictly download from our own github API, so it 100% must be ours, non-malicious? No, ofc not. We have a MitM so...
That's correct except the part about "publish a second set of signatures with each release". There has to be one and only one secret/public key pair. The private key is...
You're right. I misread it.
> Is that hard to add PGP verifier code to the software Yes, it is. > but as far as I know message singing was removed Yes but there is...
Ok, then start from here: 
This is conceptually speaking exactly what you were ask to do, congrats. But now I've just realized it is not good. Anyway, the good part is that this knowledge can...
I am refactoring the `KeyManager` class to add support for taproot scripts and before starting to implement anything I decided to clean a bit that class because it smells really...
Very low priority.