For instance, on macOS:
brew set up --cask bitcoin-core
Or on Ubuntu:
snap set up bitcoin-core
And so on.
Particularly, what assault vectors may I be exposing myself to if I select to put in Bitcoin Core utilizing a package deal supervisor?
Utilizing Homebrew for instance:
- I presume that obtain hashes are checked in Homebrew?
- Are hash signatures checked?
- Does Homebrew have a mechanism that ensures that solely a Bitcoin Core maintainer can replace a package deal on Homebrew?
- May I nonetheless be susceptible to a malicious/compromised Homebrew maintainer who adjustments the obtain URL and hash?
- Are there another related points or dangers?
(N.B.: If the one “secure” technique is to construct from supply or to obtain Bitcoin Core immediately, it is positive to notice this and why, however I ask that you simply please preserve solutions centered on any dangers related to utilizing a package deal supervisor as an alternative.)