1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <grarpamp@gmail.com>) id 1UNQT9-0007Tl-Vy
for bitcoin-development@lists.sourceforge.net;
Wed, 03 Apr 2013 16:23:28 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.212.51 as permitted sender)
client-ip=209.85.212.51; envelope-from=grarpamp@gmail.com;
helo=mail-vb0-f51.google.com;
Received: from mail-vb0-f51.google.com ([209.85.212.51])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1UNQT9-0005jA-E2
for bitcoin-development@lists.sourceforge.net;
Wed, 03 Apr 2013 16:23:27 +0000
Received: by mail-vb0-f51.google.com with SMTP id x19so595268vbf.10
for <bitcoin-development@lists.sourceforge.net>;
Wed, 03 Apr 2013 09:23:21 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.59.11.199 with SMTP id ek7mr1824216ved.19.1365006201841;
Wed, 03 Apr 2013 09:23:21 -0700 (PDT)
Received: by 10.220.115.7 with HTTP; Wed, 3 Apr 2013 09:23:21 -0700 (PDT)
In-Reply-To: <CABsx9T1EmYer-85zrEdC-N0uS_nnuGVgz0QcZ+ROrn51uPSNLQ@mail.gmail.com>
References: <CAKaEYhK5ZzP8scbhyzkEU+WdWjwMBDzkgF+SrC-Mdjgo9G9RnA@mail.gmail.com>
<CACezXZ94oDX1O7y7cgh+HvDj4QiDWmy1NVQ4Ahq=gmzhgmUaHQ@mail.gmail.com>
<CAKaEYhK4v3mhkGMKDW9g7km+5artBAjpukQdwx17psgdJaqvgA@mail.gmail.com>
<CAHQs=o4pKBoVO-14dqoq9EoNxq2BNnKE+zmOjLBw+XqJfAp8yA@mail.gmail.com>
<CAKaEYh+bePsmzM5XU1wpb_SFrTnbKB8LxMvWLLqP4p8KuesuSA@mail.gmail.com>
<20130401225107.GU65880@giles.gnomon.org.uk>
<20130401225417.GV65880@giles.gnomon.org.uk>
<CA+s+GJBLUTfu8q2zE4pJ+HO5u-GweGNKZebV=XRhBe7TCPggPg@mail.gmail.com>
<CA+8xBpcZtsZ=p30hJtqLTBJPEE3eD=gQ+x6bKy46z0hc8XNB1Q@mail.gmail.com>
<CAD2Ti2-quRpfARLHw3riFpFihwYy2+R+4AW7Ovxq-W3qkzKptw@mail.gmail.com>
<CABsx9T1EmYer-85zrEdC-N0uS_nnuGVgz0QcZ+ROrn51uPSNLQ@mail.gmail.com>
Date: Wed, 3 Apr 2013 12:23:21 -0400
Message-ID: <CAD2Ti2_54CfHS8oy=b3VQTqZMighmjfiaYFEqMB+Xou8Uamr9w@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: bitcoin-development@lists.sourceforge.net
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(grarpamp[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1UNQT9-0005jA-E2
Subject: Re: [Bitcoin-development] bitcoin pull requests
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2013 16:23:28 -0000
> Eliminate the "if you get a bad bitcoin-qt.exe somehow you're in big
> trouble" risk entirely
This isn't really possible. A trojaned client will spend your coin as
easily as the owner can, passphrases will be logged, windows box will
be owned, secondary remote spendauth sigs into the network chain
break similarly, securely hashcheck the trojaned client from cracked
userspace on a hacked dll/kernel with uefi backdoor and a trojaned
hasher, etc.
It's easier for a few developers to meet in person to init and sig
a new repo than to try fixing the world's userland and users :)
At least that way you get something verifiable back to the root.
|