From: Peter Todd <pete@petertodd.org>
To: Jeff Garzik <jgarzik@bitpay.com>, Gregory Maxwell <gmaxwell@gmail.com>
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
Date: Fri, 23 May 2014 03:25:49 +0300 [thread overview]
Message-ID: <0b096c81-9746-4761-b124-563a991efb61@email.android.com> (raw)
In-Reply-To: <CAJHLa0NNMKW57r2cRsu3a1UFSf5MSp-EWATqf--DKTe-=n26CA@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I've got a PGP smart card reader and card with a securely generated key and pin entered per signature.
Re: multisig, that's precisely why we want more than just a single maintainer signing commits.
PGP isn't perfect, but perfect is the enemy of good.
On 22 May 2014 21:06:10 GMT+03:00, Jeff Garzik <jgarzik@bitpay.com> wrote:
>Related: Current multi-sig wallet technology being rolled out now,
>with 2FA and other fancy doodads, is now arguably more secure than my
>PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig
>wallet (set of keys), with all the associated theft/data
>destruction/backup risks.
>
>The more improvements I see in bitcoin wallets, the more antiquated my
>PGP keyring appears. Zero concept of multisig. The PGP keyring
>compromise process is rarely exercised. 2FA is lacking. At least
>offline signing works well. Mostly.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
iQFQBAEBCAA6BQJTfpWNMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfVGB/448B6UvhN7bmFQxmLS
9+wlhWGYioJKUPspz2Wtk0p8v1y1XlDt0UxC+5ODin4a/Zk0+0x4G4MWyaUP1TnA
Wq9FquY3MwTXDrwWzmeQR4QcRbC+EMMk6kXswzT4d/2clUwB1pLl2MYGnS9DjUK2
of0kzZEbaQvxSKcFmvuqhz0QqGy84pkHAFBHfopS1j4WqIZpelUMzBGRYP8D1IQd
H/M2YxdQ7T8peiNigqWSyllchKqGoLG+KEr3mvTYRLkxoYw5XTcFyc5AmuTRfzEC
yhRc7CJwTZjHYahgZRPGJQM0qeopdIVAifCu9NoPgdkyuQL+X8XSidrU5Kbv/YeZ
Scv/
=GdA4
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2014-05-23 0:26 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-21 12:23 [Bitcoin-development] PSA: Please sign your git commits Wladimir
2014-05-21 16:39 ` Chris Beams
2014-05-21 17:10 ` Wladimir
2014-05-21 20:30 ` Mark Friedenbach
2014-05-21 21:02 ` Gregory Maxwell
2014-05-22 18:06 ` Jeff Garzik
2014-05-23 0:25 ` Peter Todd [this message]
2014-05-23 7:12 ` Wladimir
2014-05-23 16:38 ` Mark Friedenbach
2014-05-23 16:48 ` Kyle Jerviss
2014-05-23 17:32 ` Gregory Maxwell
2014-05-23 10:23 ` Wladimir
2014-06-09 15:34 ` Chris Beams
2014-05-21 20:25 ` David A. Harding
2014-05-22 1:09 ` Chris Beams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0b096c81-9746-4761-b124-563a991efb61@email.android.com \
--to=pete@petertodd.org \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=gmaxwell@gmail.com \
--cc=jgarzik@bitpay.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox