You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's apparent that Armory Technologies no longer has the resources to actively maintain their website. There seems to be a disconnect between installer versions available on Armory's website, their secure downloader, and their bitcointalk postings. There is also inconsistency in change log notices. Inconsistency is immediately a red flag when trying to trust software provided by another party. This problem has been apparent for several years now.
It appears as though installation packages linked from bitcointalk are actually signed using Armory's offline code signing key. Tagged releases on this github git repository are also signed. This is a good thing. However, no human friendly change log is signed. In the past, I was able to put some trust in Armory Technologies website for this information, but that seems to be no longer maintained. This is OK. It's understandable that one main not be able to keep a website active as human resources and priorities fluctuate.
At present, bitcointalk seems to be the only place where a human friendly change log is shown for each release. bitcointalk is far from a trustworthy source, and important posts are not signed by the post author. Although this git repository's commit tags are signed, everyone does not necessarily have the effort to check and understand each and every line of code change between their currently installed version and the version they would like to upgrade to. That is part of the purpose of the signing of a commit tag. As part of that code signing process, it would be appreciated if the developers could provide some signed, human friendly compliment to that signed git commit. Without doing so, much of the signing is not of much meaning.
In an effort to break away from dependencies on Armory Technologies website and bitcoin talk, I'd encourage Armory developers to make a simple ChangeLog.txt file in the root of this repository and include the human readable changes that they are currently still including at bitcointalk. You can either create a new file for each release, or just keep adding to the same file. This is not going to be much trouble and that human friendly information is going to be automatically included when the git commit tag is signed. If one can gain/verify all of the information they'd like, signed, it's okay if the different forms (source code, change log, and binary/installer) come from arbitrary sources/distribution channels.
The text was updated successfully, but these errors were encountered:
It's apparent that Armory Technologies no longer has the resources to actively maintain their website. There seems to be a disconnect between installer versions available on Armory's website, their secure downloader, and their bitcointalk postings. There is also inconsistency in change log notices. Inconsistency is immediately a red flag when trying to trust software provided by another party. This problem has been apparent for several years now.
It appears as though installation packages linked from bitcointalk are actually signed using Armory's offline code signing key. Tagged releases on this github git repository are also signed. This is a good thing. However, no human friendly change log is signed. In the past, I was able to put some trust in Armory Technologies website for this information, but that seems to be no longer maintained. This is OK. It's understandable that one main not be able to keep a website active as human resources and priorities fluctuate.
At present, bitcointalk seems to be the only place where a human friendly change log is shown for each release. bitcointalk is far from a trustworthy source, and important posts are not signed by the post author. Although this git repository's commit tags are signed, everyone does not necessarily have the effort to check and understand each and every line of code change between their currently installed version and the version they would like to upgrade to. That is part of the purpose of the signing of a commit tag. As part of that code signing process, it would be appreciated if the developers could provide some signed, human friendly compliment to that signed git commit. Without doing so, much of the signing is not of much meaning.
In an effort to break away from dependencies on Armory Technologies website and bitcoin talk, I'd encourage Armory developers to make a simple ChangeLog.txt file in the root of this repository and include the human readable changes that they are currently still including at bitcointalk. You can either create a new file for each release, or just keep adding to the same file. This is not going to be much trouble and that human friendly information is going to be automatically included when the git commit tag is signed. If one can gain/verify all of the information they'd like, signed, it's okay if the different forms (source code, change log, and binary/installer) come from arbitrary sources/distribution channels.
The text was updated successfully, but these errors were encountered: