Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <jgarzik@bitpay.com>) id 1WnXO3-0004xT-0x
	for bitcoin-development@lists.sourceforge.net;
	Thu, 22 May 2014 18:06:39 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of bitpay.com
	designates 74.125.82.179 as permitted sender)
	client-ip=74.125.82.179; envelope-from=jgarzik@bitpay.com;
	helo=mail-we0-f179.google.com; 
Received: from mail-we0-f179.google.com ([74.125.82.179])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WnXO2-00078y-1Y
	for bitcoin-development@lists.sourceforge.net;
	Thu, 22 May 2014 18:06:38 +0000
Received: by mail-we0-f179.google.com with SMTP id q59so3858892wes.10
	for <bitcoin-development@lists.sourceforge.net>;
	Thu, 22 May 2014 11:06:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:cc:content-type;
	bh=wwZs2MlmjcuMkorz5akoK2MfXUv8oxzGCPSo+/mrIrI=;
	b=CuqvTtJkaYeNhp3MfJ59P6gpemiVzr431u7OYOio7LMWTlfVy7CcA2OBsSeSehHOiD
	OmnPpaObzUSe8QUhr66NO4zX7SLEJAMvNtBN0oVVOpy6XEuy/gTR41RzcG57J9zezNus
	xwgb/xyGKTyG/2ODX4tdGHTM1xIfJ3qMNSNnHhlUVJFP8Z9c3E+J8jC9f8XrJpFtZCm9
	86mhYMFuqxLWgNhFOXSq1IA10C/cAHtg28C5NUULzAU+Edu2OhKBNMxgU9ql8hremegG
	qpoAbgAczSHqMhTwwF7dSPvfXwflOOEA6xZB1ZtDfDdwgf012k1e4JDPg1ZFYX2ontV8
	3l9Q==
X-Gm-Message-State: ALoCoQkkGIvs38kPp2vBQNtVkNRDWnTlR9nlGJu7aws2wOk+9YYY3pJ+Is0Y8YgkTymMTRfsyi3Z
X-Received: by 10.180.73.66 with SMTP id j2mr177265wiv.36.1400781991741; Thu,
	22 May 2014 11:06:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.240.166 with HTTP; Thu, 22 May 2014 11:06:10 -0700 (PDT)
In-Reply-To: <CAAS2fgSN00Y2XUqLoft9=Fq1GfWvSYQfXdD=RE8890iOU5asRQ@mail.gmail.com>
References: <CA+s+GJBNWh0Py9KB4Y+B19ACeHOygtkLrPw5SbZ0SrVs50pqvg@mail.gmail.com>
	<7B48B9D4-5FB0-42CA-A462-C20D3F345A9A@beams.io>
	<CA+s+GJC8=OHmmF7fc-fT8fQDWE1uNcCS8-ELEKr0MjQ4CpbPBA@mail.gmail.com>
	<537D0CE1.3000608@monetize.io>
	<CAAS2fgSN00Y2XUqLoft9=Fq1GfWvSYQfXdD=RE8890iOU5asRQ@mail.gmail.com>
From: Jeff Garzik <jgarzik@bitpay.com>
Date: Thu, 22 May 2014 14:06:10 -0400
Message-ID: <CAJHLa0NNMKW57r2cRsu3a1UFSf5MSp-EWATqf--DKTe-=n26CA@mail.gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WnXO2-00078y-1Y
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 22 May 2014 18:06:39 -0000

Related:  Current multi-sig wallet technology being rolled out now,
with 2FA and other fancy doodads, is now arguably more secure than my
PGP keyring.  My PGP keyring is, to draw an analogy, a non-multisig
wallet (set of keys), with all the associated theft/data
destruction/backup risks.

The more improvements I see in bitcoin wallets, the more antiquated my
PGP keyring appears.  Zero concept of multisig.  The PGP keyring
compromise process is rarely exercised.  2FA is lacking.  At least
offline signing works well. Mostly.



On Wed, May 21, 2014 at 5:02 PM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On Wed, May 21, 2014 at 1:30 PM, Mark Friedenbach <mark@monetize.io> wrote:
>> Honest question: what would signed commits do to help us here anyway?
>> What's the problem being solved?
>>
>> Unfortunately git places signatures in the history itself, so it's not
>> like we could use easily use signatures to indicate acceptance after
>> code review, like we could if we were using monotone for example. Git
>> just wasn't designed for a commit-signing workflow.
>
> Just makes it easier to sort out things like your git account (or the
> git site) being compromised and used to submit commits.
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development



-- 
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/