[Bitcoin-development] PSA: Please sign your git commits

Peter Todd pete at petertodd.org
Fri May 23 00:25:49 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I've got a PGP smart card reader and card with a securely generated key and pin entered per signature.

Re: multisig, that's precisely why we want more than just a single maintainer signing commits.

PGP isn't perfect, but perfect is the enemy of good.


On 22 May 2014 21:06:10 GMT+03:00, Jeff Garzik <jgarzik at bitpay.com> wrote:
>Related:  Current multi-sig wallet technology being rolled out now,
>with 2FA and other fancy doodads, is now arguably more secure than my
>PGP keyring.  My PGP keyring is, to draw an analogy, a non-multisig
>wallet (set of keys), with all the associated theft/data
>destruction/backup risks.
>
>The more improvements I see in bitcoin wallets, the more antiquated my
>PGP keyring appears.  Zero concept of multisig.  The PGP keyring
>compromise process is rarely exercised.  2FA is lacking.  At least
>offline signing works well. Mostly.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQFQBAEBCAA6BQJTfpWNMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfVGB/448B6UvhN7bmFQxmLS
9+wlhWGYioJKUPspz2Wtk0p8v1y1XlDt0UxC+5ODin4a/Zk0+0x4G4MWyaUP1TnA
Wq9FquY3MwTXDrwWzmeQR4QcRbC+EMMk6kXswzT4d/2clUwB1pLl2MYGnS9DjUK2
of0kzZEbaQvxSKcFmvuqhz0QqGy84pkHAFBHfopS1j4WqIZpelUMzBGRYP8D1IQd
H/M2YxdQ7T8peiNigqWSyllchKqGoLG+KEr3mvTYRLkxoYw5XTcFyc5AmuTRfzEC
yhRc7CJwTZjHYahgZRPGJQM0qeopdIVAifCu9NoPgdkyuQL+X8XSidrU5Kbv/YeZ
Scv/
=GdA4
-----END PGP SIGNATURE-----





More information about the bitcoin-dev mailing list