From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1WndJJ-0000oZ-RS
	for bitcoin-development@lists.sourceforge.net;
	Fri, 23 May 2014 00:26:09 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.149.115 as permitted sender)
	client-ip=62.13.149.115; envelope-from=pete@petertodd.org;
	helo=outmail149115.authsmtp.co.uk; 
Received: from outmail149115.authsmtp.co.uk ([62.13.149.115])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1WndJI-0007Eb-Fp for bitcoin-development@lists.sourceforge.net;
	Fri, 23 May 2014 00:26:09 +0000
Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237])
	by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s4N0Q1JG077002;
	Fri, 23 May 2014 01:26:01 +0100 (BST)
Received: from [10.211.135.98] ([95.35.60.98]) (authenticated bits=0)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s4N0PqxJ038956
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 23 May 2014 01:25:53 +0100 (BST)
User-Agent: K-9 Mail for Android
In-Reply-To: <CAJHLa0NNMKW57r2cRsu3a1UFSf5MSp-EWATqf--DKTe-=n26CA@mail.gmail.com>
References: <CA+s+GJBNWh0Py9KB4Y+B19ACeHOygtkLrPw5SbZ0SrVs50pqvg@mail.gmail.com>
	<7B48B9D4-5FB0-42CA-A462-C20D3F345A9A@beams.io>
	<CA+s+GJC8=OHmmF7fc-fT8fQDWE1uNcCS8-ELEKr0MjQ4CpbPBA@mail.gmail.com>
	<537D0CE1.3000608@monetize.io>
	<CAAS2fgSN00Y2XUqLoft9=Fq1GfWvSYQfXdD=RE8890iOU5asRQ@mail.gmail.com>
	<CAJHLa0NNMKW57r2cRsu3a1UFSf5MSp-EWATqf--DKTe-=n26CA@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
 charset=UTF-8
From: Peter Todd <pete@petertodd.org>
Date: Fri, 23 May 2014 03:25:49 +0300
To: Jeff Garzik <jgarzik@bitpay.com>, Gregory Maxwell <gmaxwell@gmail.com>
Message-ID: <0b096c81-9746-4761-b124-563a991efb61@email.android.com>
X-Server-Quench: cd0d3044-e210-11e3-9f74-002590a135d3
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdAEUFVQNAgsB AmIbW1VeUlh7XGA7 Yg9PbgBDZEpQVg11
	VE5MXVMcVwEWAXxA TmQeURF7cgMIcXt3 YwgxCnAPX0R+cVso
	QE9UCGwHMGR9YTYY VF1YdwFReQMbfxxA PlMxNiYHcQ51Pz4z
	GA41ejw8IzhbLzxQ TwcRGBoqem9ZVgY4 ShkZEH00HEIDDzQ0
	MgZuJV8AVE0WN0Az LUBJ
X-Authentic-SMTP: 61633532353630.1024:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 95.35.60.98/465
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1WndJI-0007Eb-Fp
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 00:26:10 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I've got a PGP smart card reader and card with a securely generated key and pin entered per signature.

Re: multisig, that's precisely why we want more than just a single maintainer signing commits.

PGP isn't perfect, but perfect is the enemy of good.


On 22 May 2014 21:06:10 GMT+03:00, Jeff Garzik <jgarzik@bitpay.com> wrote:
>Related:  Current multi-sig wallet technology being rolled out now,
>with 2FA and other fancy doodads, is now arguably more secure than my
>PGP keyring.  My PGP keyring is, to draw an analogy, a non-multisig
>wallet (set of keys), with all the associated theft/data
>destruction/backup risks.
>
>The more improvements I see in bitcoin wallets, the more antiquated my
>PGP keyring appears.  Zero concept of multisig.  The PGP keyring
>compromise process is rarely exercised.  2FA is lacking.  At least
>offline signing works well. Mostly.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQFQBAEBCAA6BQJTfpWNMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfVGB/448B6UvhN7bmFQxmLS
9+wlhWGYioJKUPspz2Wtk0p8v1y1XlDt0UxC+5ODin4a/Zk0+0x4G4MWyaUP1TnA
Wq9FquY3MwTXDrwWzmeQR4QcRbC+EMMk6kXswzT4d/2clUwB1pLl2MYGnS9DjUK2
of0kzZEbaQvxSKcFmvuqhz0QqGy84pkHAFBHfopS1j4WqIZpelUMzBGRYP8D1IQd
H/M2YxdQ7T8peiNigqWSyllchKqGoLG+KEr3mvTYRLkxoYw5XTcFyc5AmuTRfzEC
yhRc7CJwTZjHYahgZRPGJQM0qeopdIVAifCu9NoPgdkyuQL+X8XSidrU5Kbv/YeZ
Scv/
=GdA4
-----END PGP SIGNATURE-----