public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Peter Todd <pete@petertodd.org>
To: Jeff Garzik <jgarzik@bitpay.com>, Gregory Maxwell <gmaxwell@gmail.com>
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
Date: Fri, 23 May 2014 03:25:49 +0300	[thread overview]
Message-ID: <0b096c81-9746-4761-b124-563a991efb61@email.android.com> (raw)
In-Reply-To: <CAJHLa0NNMKW57r2cRsu3a1UFSf5MSp-EWATqf--DKTe-=n26CA@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I've got a PGP smart card reader and card with a securely generated key and pin entered per signature.

Re: multisig, that's precisely why we want more than just a single maintainer signing commits.

PGP isn't perfect, but perfect is the enemy of good.


On 22 May 2014 21:06:10 GMT+03:00, Jeff Garzik <jgarzik@bitpay.com> wrote:
>Related:  Current multi-sig wallet technology being rolled out now,
>with 2FA and other fancy doodads, is now arguably more secure than my
>PGP keyring.  My PGP keyring is, to draw an analogy, a non-multisig
>wallet (set of keys), with all the associated theft/data
>destruction/backup risks.
>
>The more improvements I see in bitcoin wallets, the more antiquated my
>PGP keyring appears.  Zero concept of multisig.  The PGP keyring
>compromise process is rarely exercised.  2FA is lacking.  At least
>offline signing works well. Mostly.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQFQBAEBCAA6BQJTfpWNMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfVGB/448B6UvhN7bmFQxmLS
9+wlhWGYioJKUPspz2Wtk0p8v1y1XlDt0UxC+5ODin4a/Zk0+0x4G4MWyaUP1TnA
Wq9FquY3MwTXDrwWzmeQR4QcRbC+EMMk6kXswzT4d/2clUwB1pLl2MYGnS9DjUK2
of0kzZEbaQvxSKcFmvuqhz0QqGy84pkHAFBHfopS1j4WqIZpelUMzBGRYP8D1IQd
H/M2YxdQ7T8peiNigqWSyllchKqGoLG+KEr3mvTYRLkxoYw5XTcFyc5AmuTRfzEC
yhRc7CJwTZjHYahgZRPGJQM0qeopdIVAifCu9NoPgdkyuQL+X8XSidrU5Kbv/YeZ
Scv/
=GdA4
-----END PGP SIGNATURE-----




  reply	other threads:[~2014-05-23  0:26 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-21 12:23 [Bitcoin-development] PSA: Please sign your git commits Wladimir
2014-05-21 16:39 ` Chris Beams
2014-05-21 17:10   ` Wladimir
2014-05-21 20:30     ` Mark Friedenbach
2014-05-21 21:02       ` Gregory Maxwell
2014-05-22 18:06         ` Jeff Garzik
2014-05-23  0:25           ` Peter Todd [this message]
2014-05-23  7:12           ` Wladimir
2014-05-23 16:38             ` Mark Friedenbach
2014-05-23 16:48             ` Kyle Jerviss
2014-05-23 17:32               ` Gregory Maxwell
2014-05-23 10:23     ` Wladimir
2014-06-09 15:34       ` Chris Beams
2014-05-21 20:25   ` David A. Harding
2014-05-22  1:09     ` Chris Beams

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0b096c81-9746-4761-b124-563a991efb61@email.android.com \
    --to=pete@petertodd.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=gmaxwell@gmail.com \
    --cc=jgarzik@bitpay.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox