[Bitcoin-development] [unSYSTEM] DarkWallet Best Practices

Drak drak at zikula.org
Thu Dec 19 18:05:51 UTC 2013

How does signing the commit message itself help at all since it just signs
the commit message, not the content of the commit. You could commit some
code then I. Then I squash my commits into yours and use your commit
message. You could also include the previous commit hash in your commit

But correct me if I am wrong, but that would be difficult (if not
impossible) to verify once you get into merging code since the patch can be
merged in at another point in history entirely.. and still doesn't work
because I can still squash commits into yours. I don't see how it can work
at all unless I am missing something obvious (which I fear I may be?).

I also don't believe Linus is talking just from the perspective of how the
kernel project works. The integrity of a git repository is maintained by
the hash chaining and by the distributed nature of the repository. If
someone hacked github and changed the history of the tree, the next time
you tried to push his code up it would fail because the history had changed
- tampering is immediately obvious in git.



On 19 December 2013 17:44, Peter Todd <pete at petertodd.org> wrote:

> On Thu, Dec 19, 2013 at 04:04:17PM -0000, Amir Taaki wrote:
> Looks like for this to actually go to the email lists they need to be in
> the To: field.
> > About signing each commit, Linus advises against it:
> >
> >
> http://git.661346.n2.nabble.com/GPG-signing-for-git-commit-td2582986.html
> >
> > "Btw, there's a final reason, and probably the really real one. Signing
> > each commit is totally stupid. It just means that you automate it, and
> you
> > make the signature worth less. It also doesn't add any real value, since
> > the way the git DAG-chain of SHA1's work, you only ever need _one_
> > signature to make all the commits reachable from that one be effectively
> > covered by that one. So signing each commit is simply missing the point."
> >
> > What do you reckon?
> His point is valid, but it's valid in the context of how Linux
> development is done, not Bitcoin. The key difference being that Linus
> and other kernel developers have a model where code is passed around on
> mailing lists and between developers rather than stored on untrustworthy
> third-parties like github.
> For instance typically someone will submit a patch to the kernel
> development mailing list, example:
> http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg558841.html
> That patch isn't signed, and the email itself doesn't have to be PGP
> signed either. However a trusted maintainer of the relevant subsystem
> will (in theory) look over the patch carefully and commit it to their
> personal tree on a secure computer. (in theory)
> At some point the maintainer will create a *signed* tag on a commit with
> one or more patches, often many patches, another another maintainer
> higher in the hierarchy (maybe even Linus) will *merge* that tag into
> their tree, hopefully checking the signature first! Modern versions of
> git actually include the tag signature in the merge commit, so the
> result is signed by the original maintainer; note how this contradicts
> Linus's email with regard to the idea of separable signatures.
> Eventually multiple such groups of patches build up and the result is
> tagged as a release, and that release tag is signed.
> Accountability in this model rests with maintainers, and source-code
> stays on a multitude of personal, secure, locations. (in theory)
> However since we like to use github and tend to get code directly from
> it our main risk is github (or similar) being compromised. Given that I
> think we're much better off using per-commit signatures, and in effect
> continually making the statement "Yes, this commit/merge was really
> produced by me on my machine, although I may have made a mistake and
> might not have looked at the code as thoroughly as I maybe should have."
> The statement *is* weaker than Linus's model of "This signature is
> Really Official and Stuff and I've carefully checked everything." but I
> think we're much more interested in getting a strong guarantee on who
> made the commit than some strong statement about its actual contents -
> humans are fallible anyway.
> > Also do you approve of the other link I sent you?
> >
> > https://wiki.unsystem.net/index.php/DarkWallet/Negotiation
> I think you're conflating identities with the messaging layer; focus on
> the latter and use off-the-shelf identity systems like OpenPGP and SSL
> certificate authorities. Remember that every new identity system that
> gets involved is another way for an attacker to MITM attack you; you're
> better off using whatever the user is using already.
> --
> 'peter'[:-1]@petertodd.org
> 00000000000000016a442255c6d15cd6e085991c1efffc9caeff5fc6da14368a
> _______________________________________________
> unSYSTEM mailing list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131219/fff6022f/attachment.html>

More information about the bitcoin-dev mailing list