Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UNQT9-0007Tl-Vy for bitcoin-development@lists.sourceforge.net; Wed, 03 Apr 2013 16:23:28 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.51 as permitted sender) client-ip=209.85.212.51; envelope-from=grarpamp@gmail.com; helo=mail-vb0-f51.google.com; Received: from mail-vb0-f51.google.com ([209.85.212.51]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UNQT9-0005jA-E2 for bitcoin-development@lists.sourceforge.net; Wed, 03 Apr 2013 16:23:27 +0000 Received: by mail-vb0-f51.google.com with SMTP id x19so595268vbf.10 for ; Wed, 03 Apr 2013 09:23:21 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.59.11.199 with SMTP id ek7mr1824216ved.19.1365006201841; Wed, 03 Apr 2013 09:23:21 -0700 (PDT) Received: by 10.220.115.7 with HTTP; Wed, 3 Apr 2013 09:23:21 -0700 (PDT) In-Reply-To: References: <20130401225107.GU65880@giles.gnomon.org.uk> <20130401225417.GV65880@giles.gnomon.org.uk> Date: Wed, 3 Apr 2013 12:23:21 -0400 Message-ID: From: grarpamp To: bitcoin-development@lists.sourceforge.net Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (grarpamp[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1UNQT9-0005jA-E2 Subject: Re: [Bitcoin-development] bitcoin pull requests X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Apr 2013 16:23:28 -0000 > Eliminate the "if you get a bad bitcoin-qt.exe somehow you're in big > trouble" risk entirely This isn't really possible. A trojaned client will spend your coin as easily as the owner can, passphrases will be logged, windows box will be owned, secondary remote spendauth sigs into the network chain break similarly, securely hashcheck the trojaned client from cracked userspace on a hacked dll/kernel with uefi backdoor and a trojaned hasher, etc. It's easier for a few developers to meet in person to init and sig a new repo than to try fixing the world's userland and users :) At least that way you get something verifiable back to the root.