Electrum-VTC v4.2.1
Changes in this release
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/vertcoin-project/electrum/master/pubkeys/vertion.asc | gpg --import
Once you have the required PGP key, you can verify the release (assuming manifest-v4.2.0.txt.sig and manifest-v4.2.0.txt are in the current directory) with:
gpg --verify manifest-v4.2.1.txt.sig manifest-v4.2.1.txt
You should see the following if the verification was successful:
gpg: Signature made Mon 28 Mar 2022 02:05:26 PM CDT
gpg: using RSA key 28E72909F1717FE9607754F8A7BEB2621678D37D
gpg: Good signature from "vertion <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Binaries
Our Windows and AppImage builds are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager. See our reproducible builds guide for how this can be achieved on Windows or Linux.
Finally, you can also verify the tag itself with the following command:
git verify-tag v4.2.1
gpg: Signature made Mon 28 Mar 2022 12:38:58 PM CDT
gpg: using RSA key 28E72909F1717FE9607754F8A7BEB2621678D37D
gpg: Good signature from "vertion <[email protected]>" [ultimate]