summaryrefslogtreecommitdiff
path: root/b7/e53f681b8301f6e2d233e1d480035406e0956f
blob: 831957b9e07f4a91ba0cdad15494faaf72d880ca (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1XLK4s-0003Dr-Vk
	for bitcoin-development@lists.sourceforge.net;
	Sat, 23 Aug 2014 22:46:31 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.93 as permitted sender)
	client-ip=62.13.148.93; envelope-from=pete@petertodd.org;
	helo=outmail148093.authsmtp.net; 
Received: from outmail148093.authsmtp.net ([62.13.148.93])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1XLK4r-0005ck-FO for bitcoin-development@lists.sourceforge.net;
	Sat, 23 Aug 2014 22:46:30 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
	by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s7NMjcoS085840; 
	Sat, 23 Aug 2014 23:45:38 +0100 (BST)
Received: from savin.petertodd.org (75-119-251-161.dsl.teksavvy.com
	[75.119.251.161]) (authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s7NMjYqM085005
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Sat, 23 Aug 2014 23:45:36 +0100 (BST)
Date: Sat, 23 Aug 2014 18:45:22 -0400
From: Peter Todd <pete@petertodd.org>
To: Troy Benjegerdes <hozer@hozed.org>
Message-ID: <20140823224522.GA18381@savin.petertodd.org>
References: <CAJHLa0NXAYh9HzazN6gArUV8y7J8_G0oqkZqPBgibpW0wRNxKQ@mail.gmail.com>
	<2302927.fMx0I5lQth@1337h4x0r>
	<20140823061701.GQ22640@nl.grid.coop>
	<20140823143215.GA18452@savin.petertodd.org>
	<20140823174414.GT22640@nl.grid.coop>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC"
Content-Disposition: inline
In-Reply-To: <20140823174414.GT22640@nl.grid.coop>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 3347658c-2b17-11e4-b396-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdAEUGUATAgsB AmIbWVdeVFh7WmQ7 bA9PbARUfEhLXhtr
	VklWR1pVCwQmQht/ e0R3E2RyfwBGeHs+ ZEBiWHgVX0d+ckB4
	Sh1JFz8HYnphaTUb TRJbfgVJcANIexZF O1F6ACIKLwdSbGoL
	NQ4vNDcwO3BTJTpY RgYVKF8UXXNDJDM3 QBYZHDkiB0wDSG08 LgAmN1R0
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 75.119.251.161/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1XLK4r-0005ck-FO
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Reconsidering github
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 23 Aug 2014 22:46:31 -0000


--wRRV7LY7NUeQGEoC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 23, 2014 at 12:44:14PM -0500, Troy Benjegerdes wrote:
 What I would really like is a frontend and/or integration to Git/Mercurial=
 that
> uses Bitcoin transactions *as* the signature, which has the nice side eff=
ect of
> providing timestamps backed by the full faith and credit of a billion dol=
lar
> blockchain. So what is the best way for me to stick both a git *and* a
> mercurial identity hash into a bitcoin transaction?  (which leads to poin=
t 2
> below)

A "bitcoin transaction" can't by itself serve as a signature, as there
isn't any way to link the transaction to what you actually care about -
a human being - without additional infrastructure. You may find it
helpful to reflect back upon your 2nd and 3rd year courses on
post-modernism and semiotics: Is a keypair in a public key cryptography
system what is being signified, or is it merely a (posssibly false)
signifier?

If you just want to timestamp a git commit you can timestamp it in the
Bitcoin blockchain. I have the code to do so in my python-bitcoinlib:

    examples/timestamp.py <git commit>

To check timestamps the following should work, although I haven't tried:

    bitcoind searchrawtransactions <git commit>

You do need the searchrawtransactions patch. I've personally timestamped
most of the git tags for releases this way.

> > If you feel like volunteering to maintain one of these repos, you may
> > find my Litecoin v0.8.3.7 audit report to be a useful template:
> >=20
> > https://bitcointalk.org/index.php?topic=3D265582.0
>=20
> I'm not interested in volunteer, I'm interested in getting paid, and the
> best way I believe I can accomplish that is use *my* bitcoin address in a
> signature-transaction of the code I've reviewed.
>=20
> What is the advantage of PGP? Far more people have ECDSA public-private=
=20
> keys than PGP keys.

PGP of course has vast amounts of identity infrastructure already
developed for it, infrastructure that simply doesn't exist for "Bitcoin
addresses"

In any case you'll be happy to know that secp256k1 has been added to the
GPG development branch, which means you can sign your code with a ECDSA
key corresponding to a Bitcoin address if you wish too.

--=20
'peter'[:-1]@petertodd.org
000000000000000006fb87cb8ec6e0981b134953f1916c513f7210b534a94b8b

--wRRV7LY7NUeQGEoC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQGrBAEBCACVBQJT+Rl8XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAyMzkzNDRmYzUzMmJiYWQ4YTY3OWUzZmMzMGU4OTAwNzcy
NTIzYTEwYzQ3MjBhMGMvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfu5dAf+NihDfBuVD2HCvi2v5v6cdboV
098+pbCzsTDajzOMpkq2QK4Y3TaB8dRFGEiiJhr5HeJA76m7eK49nvvwzbitAA17
YH5Y6SUUUYsDWJNfWSeT5hhwebR0nGWtERcAsxKDIcGjMudrfQ0/ozsdP1TSyPeR
GfPqah3KfTvJvFOzqmCcqeLo4dZ7DnmYBm9BNFqESen51hdHRMmln6g9LuqbkHgc
rJcIi9MO+D6lU7q5EX40U/iAA2hwudmLzhjDhQ+2E0Pice3TkBMYbbe0FEJN7dAZ
+mu/Xc6S+hzxy1/0JD4HwoAAxJwf++pN8jBRLX6ukdfKrCP2aWJia6GqLVOeHg==
=b5e2
-----END PGP SIGNATURE-----

--wRRV7LY7NUeQGEoC--