[Bitcoin-development] bitcoinj 0.11 released, with p2sh, bip39 and payment protocol support

Mike Hearn mike at plan99.net
Fri Feb 7 10:48:17 UTC 2014


Here’s a new release announcement with full ID’s this time:

The v0.11 tag is signed by Andreas Schildbach’s GPG key (fingerprint E944 AE66 7CF9 60B1 004B C32F CA66 2BE1 8B87 7A60). The commit hash is 410d4547a7dd20745f637313ed54d04d08d28687.

Key: 16vSNFP5Acsa6RBbjEA7QYCCRDRGXRFH4m
Signature: IFXzt4ZdWFEpLrAXRDnQS6ZKJYGmyHDHtyAgeg/2/EaTvg41jSsUQW8rq19evT2UNp+eP0+OWgWM7iDKrTv11DY=

It’s worth noting that this problem crops up in other contexts too. For instance, it’s very common for people to identify PGP keys by a short identifier.

As it happens I do have a PGP key, fingerprint C85A AB0F 7A1C CCA3 2BFC EECC F2E4 861C 9988 816F, and I just signed Andreas’ key with it. However, as I’m not myself well connected in the web of trust, that doesn’t add a whole lot. But now that my key is effectively signed out of band by SwissSign so if people wanted to manually trace a trust path across systems, they could. I am skeptical anyone will :-)

Note that thanks to Gary Rowe, there is a Maven dependency checker plugin that verifies the (full) hashes of library dependencies. It could be better integrated but it provides another backstop.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7453 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140207/927761b1/attachment.p7s>


More information about the bitcoin-dev mailing list