From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WndJJ-0000oZ-RS for bitcoin-development@lists.sourceforge.net; Fri, 23 May 2014 00:26:09 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.115 as permitted sender) client-ip=62.13.149.115; envelope-from=pete@petertodd.org; helo=outmail149115.authsmtp.co.uk; Received: from outmail149115.authsmtp.co.uk ([62.13.149.115]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1WndJI-0007Eb-Fp for bitcoin-development@lists.sourceforge.net; Fri, 23 May 2014 00:26:09 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s4N0Q1JG077002; Fri, 23 May 2014 01:26:01 +0100 (BST) Received: from [10.211.135.98] ([95.35.60.98]) (authenticated bits=0) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s4N0PqxJ038956 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 May 2014 01:25:53 +0100 (BST) User-Agent: K-9 Mail for Android In-Reply-To: References: <7B48B9D4-5FB0-42CA-A462-C20D3F345A9A@beams.io> <537D0CE1.3000608@monetize.io> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 From: Peter Todd Date: Fri, 23 May 2014 03:25:49 +0300 To: Jeff Garzik , Gregory Maxwell Message-ID: <0b096c81-9746-4761-b124-563a991efb61@email.android.com> X-Server-Quench: cd0d3044-e210-11e3-9f74-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdAEUFVQNAgsB AmIbW1VeUlh7XGA7 Yg9PbgBDZEpQVg11 VE5MXVMcVwEWAXxA TmQeURF7cgMIcXt3 YwgxCnAPX0R+cVso QE9UCGwHMGR9YTYY VF1YdwFReQMbfxxA PlMxNiYHcQ51Pz4z GA41ejw8IzhbLzxQ TwcRGBoqem9ZVgY4 ShkZEH00HEIDDzQ0 MgZuJV8AVE0WN0Az LUBJ X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 95.35.60.98/465 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1WndJI-0007Eb-Fp Cc: Bitcoin Development Subject: Re: [Bitcoin-development] PSA: Please sign your git commits X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 May 2014 00:26:10 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I've got a PGP smart card reader and card with a securely generated key and pin entered per signature. Re: multisig, that's precisely why we want more than just a single maintainer signing commits. PGP isn't perfect, but perfect is the enemy of good. On 22 May 2014 21:06:10 GMT+03:00, Jeff Garzik wrote: >Related: Current multi-sig wallet technology being rolled out now, >with 2FA and other fancy doodads, is now arguably more secure than my >PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig >wallet (set of keys), with all the associated theft/data >destruction/backup risks. > >The more improvements I see in bitcoin wallets, the more antiquated my >PGP keyring appears. Zero concept of multisig. The PGP keyring >compromise process is rarely exercised. 2FA is lacking. At least >offline signing works well. Mostly. -----BEGIN PGP SIGNATURE----- Version: APG v1.1.1 iQFQBAEBCAA6BQJTfpWNMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8 cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfVGB/448B6UvhN7bmFQxmLS 9+wlhWGYioJKUPspz2Wtk0p8v1y1XlDt0UxC+5ODin4a/Zk0+0x4G4MWyaUP1TnA Wq9FquY3MwTXDrwWzmeQR4QcRbC+EMMk6kXswzT4d/2clUwB1pLl2MYGnS9DjUK2 of0kzZEbaQvxSKcFmvuqhz0QqGy84pkHAFBHfopS1j4WqIZpelUMzBGRYP8D1IQd H/M2YxdQ7T8peiNigqWSyllchKqGoLG+KEr3mvTYRLkxoYw5XTcFyc5AmuTRfzEC yhRc7CJwTZjHYahgZRPGJQM0qeopdIVAifCu9NoPgdkyuQL+X8XSidrU5Kbv/YeZ Scv/ =GdA4 -----END PGP SIGNATURE-----