<p></p>
<p>Thats pretty bad practice IMO. We should keep a repo with historical data so anyone can verify it. To add a new repo where we add the official binaries and hash/sigs for each version Bisq uses would be good. As it seems current tor verion used cannot be verified I would suggest to update to one which we can verify asap. To maybe fork the netlayer project to bring it more under our own control might be good as well. We should remove those dependencies to 3rd party projects as far we can. Not sure if the dependency to cedrics repo is essential there as well, but that might be another candidate to look into how that is integrated in details.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/bisq-network/bisq/issues/4593#issuecomment-703129174">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AJFFTNTT4XEEYFJJPPRUC73SI5GSHANCNFSM4SCR574A">unsubscribe</a>.<img src="https://github.com/notifications/beacon/AJFFTNWPN5OX4NLZ4E4SUVDSI5GSHA5CNFSM4SCR574KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFHUOMVQ.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/bisq-network/bisq/issues/4593#issuecomment-703129174",
"url": "https://github.com/bisq-network/bisq/issues/4593#issuecomment-703129174",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>