Verify apps in the start 9 registry?

bonez · September 18, 2025, 7:31am

Hi everyone!
Quick question: Is there a need to verify app downloads from the Start9 registry or the community registry?

Thanks in advance!

StuPleb · September 18, 2025, 1:59pm

Directly, no, in downloading via a specific registry you are trusting that registry.

If you don’t want to trust the registry, then you are able to:

visit the individual wrapper repos listed
clone the repo
run the build process
sideload the resulting binary

bonez · September 18, 2025, 4:48pm

Hi StuPleb!

Thank you very much for the detailed response! I appreciate it!

b

bonez · October 1, 2025, 6:20am

I have been unable to run the build process for Bitcoin knots (couldn’t figure it out). Would it be a good idea to uninstall it? I appreciate the help!

Thanks again!!!

Rexter · October 1, 2025, 2:14pm

I’m not clear on the purpose here. Why are you considering uninstalling it?

bonez · October 1, 2025, 3:50pm

Hi Rexter

I just thought anything downloaded from the community registry is less “safe”. And since I didn’t complete the steps Stupleb outlined for me- I feel a bit uneasy about using it. Should I feel this way? I’ve done all I can the past couple of days but I’m not that technical.

Thank you!

h0mer · October 1, 2025, 5:33pm

Hi bonez,

You’re perfectly fine running Bitcoin from the Start9 registry. I’m pretty sure most users run it that way. Of course, if you’re particularly security-conscious and don’t want to trust Start9’s packaging, you can build the service yourself and examine the code. However, if you’re not technically inclined, you’ll need to trust someone at some point in the process.

bonez · October 1, 2025, 5:37pm

Hi Homer!

Just to clarify: Does this apply to the community registry as well? I’m deciding if I should run knots on s9.

Thanks!!

Rexter · October 2, 2025, 12:49am

The fact that a service is in the Community registry does not indicate that it’s “less safe.” It usually indicates that it’s just not specifically packaged or supported by Start9. In the case of Bitcoin Knots, the only reason it’s in the community registry is because this was a hacky way for us to provide both Knots, and Core, as drop-in replacements for each other, on the current version of StartOS. In the upcoming StartOS 0.4.0, this won’t be the case. Both Knots, and Core will be in the official registry. The steps provided by Stuart would allow you to bypass the registry, but you’re still blindly trusting the code you’re building from, unless you have the skill to audit the code yourself. In any software you run, there’s always a small chance some sort of supply line attack.

I’m not going to speculate on what’s safe or not safe. Too many subjective variables in that. But I will tell you that I’m running Bitcoin Knots, from the community registry myself, and I sleep fine with that.

bonez · October 2, 2025, 2:04am

Hi Rexter!

I appreciate your thorough explanation of how things work. You broke things down very well.

Thank you!
B

Fyi: I almost completed step 3 (running the build but it was tough) after spending lots of time online and AI. Not fun when things start falling apart