Bad Instructions or Major Compromise?

If you go to the page explaining how to Run Bisq on Qubes (http://s3p666he6q6djb6u3ekjdkmoyd77w63zq6gqf6sde54yg6bdfqukz2qd.onion/index.php/Running_Bisq_on_Qubes#Create_qube)
you will see this instruction:

# Go to the folder where you downloaded the .deb package and the PGP signature
cd Downloads

# Import the signing key of Christoph Atteneder
curl | gpg --import

# Verify the signature of the downloaded binary
gpg --digest-algo SHA256 --verify Bisq-*.asc

But if you try to download that key, you can’t because it’s not there. And I don’t even think that’s the key that Bisq is currently signed with, which means that basic security rules are being violated. Is it because Bisq has been hacked, or is it that the Bisq team would benefit from learning the basics of key handling and signing?

This change is recent and not all the docs have been updated.
Thanks for the alert, the wiki has been edited to add new dev (alejandrogarcia83) keys.

1 Like