[Bitcoin-development] Reconsidering github

Peter Todd pete at petertodd.org
Sat Aug 23 22:45:22 UTC 2014


On Sat, Aug 23, 2014 at 12:44:14PM -0500, Troy Benjegerdes wrote:
 What I would really like is a frontend and/or integration to Git/Mercurial that
> uses Bitcoin transactions *as* the signature, which has the nice side effect of
> providing timestamps backed by the full faith and credit of a billion dollar
> blockchain. So what is the best way for me to stick both a git *and* a
> mercurial identity hash into a bitcoin transaction?  (which leads to point 2
> below)

A "bitcoin transaction" can't by itself serve as a signature, as there
isn't any way to link the transaction to what you actually care about -
a human being - without additional infrastructure. You may find it
helpful to reflect back upon your 2nd and 3rd year courses on
post-modernism and semiotics: Is a keypair in a public key cryptography
system what is being signified, or is it merely a (posssibly false)
signifier?

If you just want to timestamp a git commit you can timestamp it in the
Bitcoin blockchain. I have the code to do so in my python-bitcoinlib:

    examples/timestamp.py <git commit>

To check timestamps the following should work, although I haven't tried:

    bitcoind searchrawtransactions <git commit>

You do need the searchrawtransactions patch. I've personally timestamped
most of the git tags for releases this way.

> > If you feel like volunteering to maintain one of these repos, you may
> > find my Litecoin v0.8.3.7 audit report to be a useful template:
> > 
> > https://bitcointalk.org/index.php?topic=265582.0
> 
> I'm not interested in volunteer, I'm interested in getting paid, and the
> best way I believe I can accomplish that is use *my* bitcoin address in a
> signature-transaction of the code I've reviewed.
> 
> What is the advantage of PGP? Far more people have ECDSA public-private 
> keys than PGP keys.

PGP of course has vast amounts of identity infrastructure already
developed for it, infrastructure that simply doesn't exist for "Bitcoin
addresses"

In any case you'll be happy to know that secp256k1 has been added to the
GPG development branch, which means you can sign your code with a ECDSA
key corresponding to a Bitcoin address if you wish too.

-- 
'peter'[:-1]@petertodd.org
000000000000000006fb87cb8ec6e0981b134953f1916c513f7210b534a94b8b
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140823/aafd9a93/attachment.sig>


More information about the bitcoin-dev mailing list