1 2016-08-26 05:47:25 <peawormsworth> I am wondering how I can download and verify bitcoin core. I have used git to download and compile, but now I think that it places trust in github too much. Is there a signed tar or similar to download that I can verify against the bitcoin key?
2 2016-08-26 05:48:18 <Diablo-D3> peawormsworth: git signs commits
3 2016-08-26 05:48:39 <peawormsworth> i do not want to trust ssl or github. I want to be paranoid.
4 2016-08-26 05:50:08 <peawormsworth> maybe I do not understand, but is not the git signing for authenticating code changes and possibly download permissions?
5 2016-08-26 05:51:05 <peawormsworth> and if so, then I think I am trusting the controller of the git install as well as the developers.
6 2016-08-26 05:53:15 <peawormsworth> i do not see any way for me to validate the bitcoin core download against a bitcoin dev key.
7 2016-08-26 05:54:19 <peawormsworth> unless there is a signed tar somewhere.
8 2016-08-26 05:54:25 <peawormsworth> am I just wrong?
9 2016-08-26 05:55:09 <luke-jr> peawormsworth: #bitcoin
10 2016-08-26 05:57:49 <peawormsworth> ok. thanks.
11 2016-08-26 19:57:09 <murch> I was just reading: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013064.html
12 2016-08-26 19:57:50 <murch> Which claims that a single pass is enough to find all transactions from a HD wallet.
13 2016-08-26 19:58:43 <murch> I assume that this requires you to generate 20 addresses ahead of the last one you found?
14 2016-08-26 20:46:52 <luke-jr> murch: at least; that's just good practice
15 2016-08-26 20:48:04 <murch> First I thought, that you could never do it in one pass because there is no guarantee that earlier given out addresses would also receive funds ahead of time, but if you always keep a pool of them ahead of the one you use, I guess you'd probably be able to do it in one pass.