Updating bitsquare: is there an easier way? etc

Hey guys, so I’ve downloaded and ran bitsquare before in the past (0.4.8 deb) just to see what it was all about and kind of forgot about it after a while. Now I’m really interested in trying out bitsquare to see how well it works exchanging for fiat.

So I just have a couple question in terms of updating:

  1. Is there an easier way to update the using the GUI? Or do I need to pretty much redownload and run everything again? I’m on Debian and didn’t know if there was an easier way to go about all of this in the future.

  2. I went ahead and downloaded the new version, but didn’t know exactly the “right” way to go about verifying my download. I know how to check checksums, but didn’t see where they were on github? Mind you I’m still consider my self pretty “new” to linux in general.

Thanks in advance.

EDIT: I tried to import the public keys here and getting a “403 Forbidden” error when trying to import the keys:

How I typed in via CLI: https://pastebin.com/8e5HgVyZ

EDIT 2: Sorry I keep changing the situation… but I seem to have figured out how to get a good signature on the file. But just wanted to get confirmation that it looks OK to everyone else since I get a weird error at the end of it:

floam412@floam412-ASUS:~/Downloads$ gpg --verify Bitsquare-64bit-
gpg: assuming signed data in `Bitsquare-64bit-'
gpg: Signature made Wed 22 Mar 2017 07:08:53 PM EDT using RSA key ID F379A1C6
gpg: Good signature from "Manfred Karrer <manfred@bitsquare.io>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1DC3 C8C4 316A 698A C494  039C F5B8 4436 F379 A1C6

The warning at the end just means that you haven’t singed Manfreds key with your own key (or that it hasn’t been signed with some other key that you set up to trust to verify other keys are legitimate). It is no big deal. I got the same Manfred’s key fingerprint as you, so it should be fine.


floam, gold star for verifying the download. good habit to get into!! yep that warning is normal, if you think about it, it makes sense. how can you trust that its actually manfreds key?? web of trust thing. best you can do is verify fingerprint/key by checking a couple different locations online. i guess github is pretty trustworthy tho :slight_smile:

i think i read that dev/s what to make this process easier with a built in updater/verify in future releases.


Yes a dev is working on an in-app download and sig verification. might be in the next version…
then updates are more convenient and safe.

1 Like