{{Header}}
{{title|title=
Electrum Bitcoin Wallet in {{project_name_long}} Development Notes
}}
{{#seo:
|description=outdated packages.debian.org, binaries-freedom package, etc.
}}

To mitigate the risk of a known exploit, Electrum versions older than v3.3 are prevented from connecting to public servers. <ref name=elecrum_fishing_exploit>https://github.com/spesmilo/electrum/issues/5183</ref> <ref name=elecrum_fishing_expoit2>https://github.com/spesmilo/electrum/issues/5190</ref> This step was necessary to prevent user exposure to phishing messages. <ref>
For further details, see: [https://github.com/spesmilo/electrum/issues/5195 Github Electrum issues].
</ref> If you have an Electrum version older than v3.3 installed, then it is necessary to upgrade.

At the time of writing (July 20, 2019) the Electrum website (https://electrum.org) was the target of a large [https://en.wikipedia.org/wiki/Denial-of-service_attack DDoS attack].
To follow developments, refer to this [https://forums.whonix.org/t/i-can-not-install-electrum/7794 Whonix forum thread].

This prevents users from downloading the Electrum AppImage using file downloaders like [https://whonix.org/wiki/Secure_Downloads scurl] and [https://www.gnu.org/software/wget/ wget]. If you are affected by this issue, the downloaded AppImage and signature will show the corresponding file to be composed of an HTML document and ASCII text. This means there are limited options for securely downloading a functional Electrum version right now.

For greater convenience and security, the Electrum AppImage was [https://forums.whonix.org/t/policy-for-inclusion-of-compiled-software/6635 installed in {{project_name_short}} by default] as part of the <code>binaries-freedom</code> package. <ref>
The latter package has been added to <code>whonix-workstation-packages-recommended-gui
</code>, see: [https://github.com/Whonix/anon-meta-packages/commit/71d40f5316ee7eb38eb04142d80d23c56a48407b Install Electrum by default].
</ref>

= Previous Advice Given to Users prior Creation of binaries-freedom Package =
While it is usually strongly recommended <ref>See: [[Install_Software#Best_Practices|Install Software: Best Practices]].</ref> <ref>
{{mbox
| image   = [[File:Ambox_warning_pn.svg.png|40px]]
| text    =
Installing software best practices:

* [[Install_Software#Prefer_APT|Prefer APT]]: it is generally safest to stick with Debian's official APT package manager.
* [[Install_Software#Avoid_Third_Party_Package_Managers| Avoid Third Party Package Managers]]: there are many third party package managers besides APT, however many lack the security safeguards that are standard in Debian.
* [[Install_Software#Avoid_Manual_Software_Installation| Avoid Manual Software Installation]]: generally avoid the manual installation of packages, even trusted ones.
* [[Verifying_Software_Signatures|Always Verify Signatures]]: for greater system security, the installation of unsigned software is strongly discouraged.
* [[Install_Software#Prefer_Packages_from_Debian_Stable_Repository| Prefer Packages from Debian Stable Repository]]: if deciding to install new software after considering the risks, then prefer Debian's stable repository rather than the testing / unstable or third party repositories.
}}</ref> to install software from the Debian repositories, the [https://packages.debian.org/sid/utils/electrum latest available package] is too old and will not connect to public servers. This means Debian's official package manager (<code>APT</code>) cannot be used to install a working Electrum version.

The best option at present is to install Electrum from the official website, although it is currently being attacked (see the notices section). The following instructions provide steps to verify the AppImage, but keep in mind the risks involved with manual software installation, particularly if the server infrastructure is under assault.

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category: Design]] [[Category: Development]]