As an example, on macOS:
brew install --cask bitcoin-core
Or on Ubuntu:
snap install bitcoin-core
And many others.
Specifically, what attack vectors might I be exposing myself to if I choose to install Bitcoin Core using a package manager?
Using Homebrew as an example:
- I presume that download hashes are checked in Homebrew?
- Are hash signatures checked?
- Does Homebrew have a mechanism that ensures that only a Bitcoin Core maintainer can update a package on Homebrew?
- Could I still be vulnerable to a malicious/compromised Homebrew maintainer who changes the download URL and hash?
- Are there any other similar issues or risks?
(N.B.: If the only "safe" way is to build from source or to download Bitcoin Core directly, it would be useful to note this and why, but I ask that you please keep answers focused on any risks associated with using a package manager instead.)
Thank you!