* [Bitcoin-development] Signing release binaries
@ 2012-07-29 10:17 Mike Hearn
2012-07-29 12:20 ` Peter Vessenes
2012-07-29 17:15 ` Luke-Jr
0 siblings, 2 replies; 5+ messages in thread
From: Mike Hearn @ 2012-07-29 10:17 UTC (permalink / raw)
To: Bitcoin Dev
MacOS X 10.8 makes application signing borderline mandatory, in that
you cannot run unsigned apps unless you tweak your settings via the
control panel. You must sign with a certificate issued by Apple via
their "identified developer" program.
Windows allows but does not require signing. However, anti-virus
systems tend to use signers with good reputation as a whitelisting
signal. Signing Bitcoin releases makes sense because it may lead to,
at minimum, higher performance if AV engines ignore file reads/writes
by Bitcoin. And it can also shield us from false positives. You only
need to see the mess that the mining tools world has become to
understand why this is important.
As I don't take part in the release process, I can't help out with
this directly, but I believe it's important and would be willing to
throw some money in towards buying the signing certs for both
platforms. I guess Gavin would be the final signer.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Bitcoin-development] Signing release binaries
2012-07-29 10:17 [Bitcoin-development] Signing release binaries Mike Hearn
@ 2012-07-29 12:20 ` Peter Vessenes
2012-07-29 17:15 ` Luke-Jr
1 sibling, 0 replies; 5+ messages in thread
From: Peter Vessenes @ 2012-07-29 12:20 UTC (permalink / raw)
To: Mike Hearn; +Cc: Bitcoin Dev
This is a good idea. I think I can come up with the cash, I will
follow up with gavin.
Sent from my smartphone!
On Jul 29, 2012, at 7:18 PM, Mike Hearn <mike@plan99.net> wrote:
> MacOS X 10.8 makes application signing borderline mandatory, in that
> you cannot run unsigned apps unless you tweak your settings via the
> control panel. You must sign with a certificate issued by Apple via
> their "identified developer" program.
>
> Windows allows but does not require signing. However, anti-virus
> systems tend to use signers with good reputation as a whitelisting
> signal. Signing Bitcoin releases makes sense because it may lead to,
> at minimum, higher performance if AV engines ignore file reads/writes
> by Bitcoin. And it can also shield us from false positives. You only
> need to see the mess that the mining tools world has become to
> understand why this is important.
>
> As I don't take part in the release process, I can't help out with
> this directly, but I believe it's important and would be willing to
> throw some money in towards buying the signing certs for both
> platforms. I guess Gavin would be the final signer.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Bitcoin-development] Signing release binaries
2012-07-29 10:17 [Bitcoin-development] Signing release binaries Mike Hearn
2012-07-29 12:20 ` Peter Vessenes
@ 2012-07-29 17:15 ` Luke-Jr
2012-07-30 2:29 ` Cameron Garnham
1 sibling, 1 reply; 5+ messages in thread
From: Luke-Jr @ 2012-07-29 17:15 UTC (permalink / raw)
To: bitcoin-development
On Sunday, July 29, 2012 10:17:51 AM Mike Hearn wrote:
> I guess Gavin would be the final signer.
Considering that Gavin is not interested in participating in any way in the
stable versions, I would prefer to see someone else responsible for OS-vendor
signing.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Bitcoin-development] Signing release binaries
2012-07-29 17:15 ` Luke-Jr
@ 2012-07-30 2:29 ` Cameron Garnham
2012-07-30 13:02 ` Peter Pauly
0 siblings, 1 reply; 5+ messages in thread
From: Cameron Garnham @ 2012-07-30 2:29 UTC (permalink / raw)
To: bitcoin-development
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I'm not a vendor, however I have a code-signing key for windows; I could
sign the windows installer and binary.
On 30/07/2012 3:15 AM, Luke-Jr wrote:
> On Sunday, July 29, 2012 10:17:51 AM Mike Hearn wrote:
>> I guess Gavin would be the final signer.
>
> Considering that Gavin is not interested in participating in any way in the
> stable versions, I would prefer to see someone else responsible for OS-vendor
> signing.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iF4EAREIAAYFAlAV8ZYACgkQBJ8cMDO159ZNVgD+KsQUlNcTDSmTGaHvLbAw0Cxy
OCDfnsFbaiLoX2xWP3MBAOnN/QvcYY8f2WzMfI+N1PfnydRYGxlkA2JZ2Nrtnxcv
=qeUe
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Bitcoin-development] Signing release binaries
2012-07-30 2:29 ` Cameron Garnham
@ 2012-07-30 13:02 ` Peter Pauly
0 siblings, 0 replies; 5+ messages in thread
From: Peter Pauly @ 2012-07-30 13:02 UTC (permalink / raw)
To: Cameron Garnham; +Cc: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 358 bytes --]
I'd like to see the binaries signed with gpg, independent of any signatures
required for various operating systems.
I can't imagine a worse scenario than the bitcoin.org site being hacked and
the binaries replaced with wallet-stealing code. All of the developers seem
to have gpg keys, how hard can it be to provide a detached gpg signature
for the binary?
[-- Attachment #2: Type: text/html, Size: 448 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-07-30 13:02 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-29 10:17 [Bitcoin-development] Signing release binaries Mike Hearn
2012-07-29 12:20 ` Peter Vessenes
2012-07-29 17:15 ` Luke-Jr
2012-07-30 2:29 ` Cameron Garnham
2012-07-30 13:02 ` Peter Pauly
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox