Verifying installers is something critical for avoiding malware that few people do. It's not hard at all, and this video shows you how to do it in just about 1 minute.

Before following the steps below, you'll need to make sure you have gpg installed. You should already have it on Linux, but if you need to install it on macOS, run `brew install gnupg`.

Once you have the Bisq installer file and PGP signature:

- Download and import the Bisq developer's public key:

`curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import`

Bisq installer files are currently built and signed by Christoph Atteneder (ripcurlx). His public key ID is 29CDFD3B and fingerprint is CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B, which you can verify through commits on GitHub (https://github.com/bisq-network/bisq/...) and on Keybase (https://keybase.io/ripcurlx).

- Verify the installer's PGP signature:

`gpg --digest-algo SHA256 --verify installer.deb.asc`

If on macOS, you will of course verify a file ending with .dmg.asc.

(Royalty-free music from bensound.com)