8
Since bitcoin is a software package that involves "real" money (inasmuch as any currency is "real"), I know there are major incentives for unscrupulous people to build backdoors into software related to bitcoin. For example, consider the current warning in IRC#bitcoin: "...All keys generated with brainwallet.org should be considered compromised" (a backdoor was apparently built into that software though I don't have specific details).
So as I consider building a second bitcoin node for myself (my first was in Arch using an official package), this time in Linux Mint 17.1 (based on Ubuntu 14.04) using an unofficial bitcoin PPA, I'm taking careful note of the warning that I usually dismiss without much of a second thought for using Debian/Ubuntu/Mint PPAs: "You can update your system with unsupported packages from this untrusted PPA by adding ppa:bitcoin/bitcoin to your system's Software Sources." (emphasis not in original)
And so before I use this PPA myself, I thought I would ask here if anyone else has used this PPA (that was only recently revised by Matt Corallo on 2015-02-18), and if you found any specific problems with it?
As I think about using it myself, I wonder if I should look at the MD5 checksum and/or diff of the source files used in the PPA as compared with those of the original Bitcoin Core sources. I don't know; maybe that's being too paranoid, but I'm wondering if others have used this PPA and if so, if they compared it with the original upstream sources.
I considered asking this question at https://askubuntu.com/, but I think it's better suited to this Q/A community because it's less about Ubuntu (I think this PPA could be used in many different distros that are all based on Ubuntu like my Mint distro) and more about Bitcoin.
2
Any particular reason you don't want to build the binary yourself using the github source?
– Jimmy Song – 2015-02-23T18:06:37.293
3
Matt Corallo is one of the top contributors of Bitcoin, so if he's the one that maintains the Bitcoin PPA, I would count that as a positive signal. ;) – Murch – 2015-02-23T18:53:24.023
@jimmysong that's a great question, and I am considering it, but from a software maintenance perspective, I've found that every time I do something like that, I end up regretting it months later because I have a lot more work to do when I want to upgrade to the next release. I may end up doing that in spite of that logic because as I wrote above, bitcoin is special. I'm still on the fence, honestly. – Osteoboon – 2015-02-23T19:20:46.450
@Murch I didn't realize that. Thanks for mentioning it. Matt, if you're reading, no offense intended with my question. Just trying to be duly diligent is all. :) – Osteoboon – 2015-02-23T19:22:47.813
Yikes. I'd heard rumours about brainwallet.org using a compromised key generator. Have we got a link to any of the discussions? – Wizard Of Ozzie – 2015-02-25T09:12:36.293
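The check the question proposes, comparing the sources a PPA ships against the upstream release, as an added example that is not code from the question, the PPA or Bitcoin Core: it hashes every file in two unpacked trees and lists what the packaged tree adds, removes or alters, so that a debian/ directory and its patches (expected in any source package) are at least enumerated for review. The two trees and file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: list every file a packaged source tree adds, removes or
# alters relative to the upstream release tree, using per-file SHA-256 sums.
# In practice the two arguments would be the unpacked upstream tarball and
# the unpacked PPA source package; the trees below are constructed.

# manifest DIR: "relative-path sha256" for every regular file, sorted by path
# (assumes paths without whitespace, which holds for these source trees).
manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} + \
        | awk '{ print $2, $1 }' | LC_ALL=C sort)
}

# compare_trees UPSTREAM_DIR PACKAGE_DIR
# Prints "added|removed|modified <path>" per difference; returns 0 only
# when both trees contain exactly the same files with the same contents.
compare_trees() {
    m1=$(mktemp) && m2=$(mktemp) || return 2
    manifest "$1" > "$m1"
    manifest "$2" > "$m2"
    # Full outer join on path; "-" marks a file missing from one side.
    diffs=$(LC_ALL=C join -a1 -a2 -e - -o 0,1.2,2.2 "$m1" "$m2" | awk '
        $2 == "-" { print "added", $1; next }
        $3 == "-" { print "removed", $1; next }
        $2 != $3  { print "modified", $1 }')
    rm -f "$m1" "$m2"
    [ -n "$diffs" ] && printf '%s\n' "$diffs"
    [ -z "$diffs" ]
}

# make_demo_trees: constructed upstream tree plus a constructed packaged
# tree that alters one file, drops one and adds a debian/ patch.
make_demo_trees() {
    base=$(mktemp -d) || return 2
    mkdir -p "$base/upstream/src" "$base/upstream/doc" \
             "$base/ppa/src" "$base/ppa/debian/patches"
    printf 'int main() { return 0; }\n' > "$base/upstream/src/main.cpp"
    printf 'upstream readme\n'          > "$base/upstream/doc/README.md"
    printf 'int main() { return 1; }\n' > "$base/ppa/src/main.cpp"
    printf 'patch body\n'               > "$base/ppa/debian/patches/fix.patch"
    printf '%s\n' "$base"
}

# Stand-alone run on the constructed trees.
demo=$(make_demo_trees)
compare_trees "$demo/upstream" "$demo/ppa"
rm -rf "$demo"
```

A clean result against the upstream tree only says the packaged files match; the patches and build rules the listing surfaces still need to be read, and the upstream tarball's own hash checked against the release's published signature.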