Package Details: bisq 1.9.12-1

Git Clone URL: (read-only, click to copy)
Package Base: bisq
Description: Cross-platform desktop application that allows users to trade national currency (dollars, euros, etc) for bitcoin without relying on centralized exchanges
Upstream URL:
Licenses: AGPL3
Conflicts: bisq-bin, bisq-git
Provides: bisq
Submitter: dmp1ce
Maintainer: dmp1ce (freimair)
Last Packager: dmp1ce
Votes: 59
Popularity: 1.16
First Submitted: 2017-07-05 14:43 (UTC)
Last Updated: 2023-07-15 17:20 (UTC)

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 .. 11 Next › Last »

dmp1ce commented on 2021-06-29 15:33 (UTC)

It looks like the tar.gz.asc is missing so the 1.7.0 build breaks.

Ranguvar commented on 2021-06-12 06:47 (UTC)

Just a note here that building with OpenJDK 16 from [testing] currently fails. 15.0.2 u7 still works fine.

michalzuber commented on 2021-05-31 09:35 (UTC)

I had to create an alias

bisq-desktop='JAVA_HOME=/usr/lib/jvm/java-11-openjdk bisq-desktop'

janders commented on 2021-05-14 10:09 (UTC)

Thanks Foobo, I ran the following command:

sudo archlinux-java set java-15-openjdk

And then Bisq upgraded with no problem.

foobo108 commented on 2021-05-14 07:38 (UTC)

Your JDK 8 is set as default and therefore the error. For bisq-1.6.4 to be compiled you need to set your Java to another default as per Try JDK 15.

janders commented on 2021-05-12 14:34 (UTC)

I'm trying to upgrade Bisq from 1.6.2-1 to 1.6.4-1, but the build is failing. Here is what I believe to be the relevant logs:

> Task :assets:compileJava FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':assets:compileJava'.
> Could not target platform: 'Java SE 10' using tool chain: 'JDK 8 (1.8)'.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at

Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0.
Use '--warning-mode all' to show the individual deprecation warnings.

17 actionable tasks: 2 executed, 15 up-to-date
==> ERROR: A failure occurred in build().

I don't have gradle installed, is that a requirement? Or maybe I have a versioning problem with java or jdk. Here is what I have installed:

$ pacman -Q | grep -E 'java|jdk|gradle'
java-environment-common 3-3
java-runtime-common 3-3
java11-openjfx 11.0.10.u1-1
jdk-openjdk 15.0.2.u7-1
jdk10-openjdk 10.0.2.u13-2
jdk11-openjdk 11.0.11.u9-1
jdk8-openjdk 8.u292-1
jre-openjdk 15.0.2.u7-1
jre-openjdk-headless 15.0.2.u7-1
jre10-openjdk 10.0.2.u13-2
jre10-openjdk-headless 10.0.2.u13-2
jre11-openjdk 11.0.11.u9-1
jre11-openjdk-headless 11.0.11.u9-1
jre8-openjdk 8.u292-1
jre8-openjdk-headless 8.u292-1

I poked around at, but really have no idea what I'm reading. Any help is appreciated.

dmp1ce commented on 2021-03-06 16:50 (UTC)

That's right. Go to the releases page and you will see the same hash for the GPG key. 29CDFD3B which belongs to Christoph Atteneder.

If you use 29CDFD3B, as suggested on Github and here, then you know you are installing the binary created from the original creator.

freimair commented on 2021-03-04 14:08 (UTC) (edited on 2021-03-04 14:09 (UTC) by freimair)

Question is, is this person trusted?

Well that is on you to decide. :) the prettygoodprivacy (PGP) system is designed to build trust networks and give you guidance on whether to trust the key of someone or not. It is a tool that attempts to help to come over a pretty much unsolvable problem.

In this case,, which is the place where Bisq is built, gives you a whole lot of information on how it is built, how it is installed and how you can verify that you got the correct software package. There you can also find the key files of the guy who packaged and released bisq (and he did so for years now).

Does this fix defeat the purpose of having keys in the first place?

Well, you do no longer need to trust me, the packager, to supply the correct checksums. And you can be rather certain that it still is the same guy that releases bisq, until key stuff starts acting up again. So at least you can be certain that nobody suddenly hijacked the AUR and feeds you malicious software.