Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1XT3Id-00087P-Fk
	for bitcoin-development@lists.sourceforge.net;
	Sun, 14 Sep 2014 06:28:39 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.110 as permitted sender)
	client-ip=62.13.148.110; envelope-from=pete@petertodd.org;
	helo=outmail148110.authsmtp.com; 
Received: from outmail148110.authsmtp.com ([62.13.148.110])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1XT3Ib-00031H-DF for bitcoin-development@lists.sourceforge.net;
	Sun, 14 Sep 2014 06:28:39 +0000
Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237])
	by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s8E6SU4Z069610; 
	Sun, 14 Sep 2014 07:28:30 +0100 (BST)
Received: from muck (host-92-27-141-92.static.as13285.net [92.27.141.92])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s8E6SRpc094149
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Sun, 14 Sep 2014 07:28:28 +0100 (BST)
Date: Sun, 14 Sep 2014 07:28:27 +0100
From: Peter Todd <pete@petertodd.org>
To: Jeff Garzik <jgarzik@bitpay.com>
Message-ID: <20140914062826.GB21586@muck>
References: <20140913135528.GC6333@muck>
	<CAJHLa0MaE3Ki5Hs4Tu4dQNBW-EL-857N2kf-fVxYcXM6OO-84w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="zx4FCpZtqtKETZ7O"
Content-Disposition: inline
In-Reply-To: <CAJHLa0MaE3Ki5Hs4Tu4dQNBW-EL-857N2kf-fVxYcXM6OO-84w@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 57515471-3bd8-11e4-9f74-002590a135d3
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aAdMdwYUC1AEAgsB AmIbW1NeUlV7W2o7 YghPbwJDY05PQQxo
	T01BRU1TWkZgdBpi ZF5NUhB2dgFPNndz bE8sW3deXUF+ckdg
	QRwAHXAHZDJkdWlJ V0RFdwNWdQpKLx5G bwR8GhFYa3VsFCMk
	FAgyOXU9MCtSLCNN RwwLMWdabUEGBXY1 QQEFGzhnHUQbSm06
	KQ06Kl8aEw4YLg07 NV9pQlMXNRIeQgdP fQl2CTNePFkACDFj NSxiFU0TAWo1
X-Authentic-SMTP: 61633532353630.1024:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 92.27.141.92/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1XT3Ib-00031H-DF
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Does anyone have anything at all signed
 by Satoshi's PGP key?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 14 Sep 2014 06:28:39 -0000


--zx4FCpZtqtKETZ7O
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Sep 13, 2014 at 10:03:20AM -0400, Jeff Garzik wrote:
> That claim is horse manure :)  He never signed private emails sent to
> me, nor the forum posts.

That's consistent with what everyone else is saying:
https://twitter.com/petertoddbtc/status/509614729879642113

> He -might- have signed the occasional thing related to releases, I'm not =
sure.

Doesn't seem like there's any evidence of that either. For instance the
archive.org Jan 31st 2009 capture of bitcoin.org with v1.3 has a link to
his PGP key, but the release itself is unsigned:
https://web.archive.org/web/20090131115053/http://bitcoin.org/

Similarly the Nov 29 2009 capture of the sourceforge download directory
has releases v0.1.0, v0.1.2, v0.1.3, and v0.1.5, none of which have
signatures:

https://web.archive.org/web/20091129231630/http://sourceforge.net/projects/=
bitcoin/files/Bitcoin/

The earliest signature I can find is from v0.3.20 from Gavin Andresen:

https://web.archive.org/web/20110502125522/http://sourceforge.net/projects/=
bitcoin/files/Bitcoin/bitcoin-0.3.20/

Earliest sig in the git commit history is the v0.3.21 tag, again from
Gavin.


My best guess is Satoshi only created the PGP key in case
someone needed to send him a security-related bug report. Which leads to
a related question:

Do we have any evidence Satoshi ever even had access to that key? Did he
ever use PGP at all for anything?

--=20
'peter'[:-1]@petertodd.org
00000000000000000ce4f740fb700bb8a9ed859ac96ac9871567a20fca07f76a

--zx4FCpZtqtKETZ7O
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQGrBAEBCACVBQJUFTWGXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAwY2U0Zjc0MGZiNzAwYmI4YTllZDg1OWFjOTZhYzk4NzE1
NjdhMjBmY2EwN2Y3NmEvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfv/VAf+IeWvhkS0f34Utvi/boR32yRb
8VpizQ+OxAEeLdU0Ot7lwqMbGCsrA8eiyHIiVXeVBv54DLW8AQ55Qt+ge/hirCsN
JZgE7pNt0YZKfxj2AdmCJiL18YuJUnlDd01OJWaz0tQLP6uBjhv2c3U+ZbMT5aBV
ehiyld8oz8/2dOjsnAf3h8VT4dyQK9L1PQmzXCXoASTPqBZubPdeRQGT/5OVXtc0
goZgW7GsL+o/0n5748HHde3xKvaWz0j6UiK5vhlUrLK5jHgifOhLuiC8enu0Z/3t
0fVnuws8aiciSZIluWa5ZzSX82HVQ+G781eXIa24jgHScrMvR5affPbmVZRQOw==
=D7bn
-----END PGP SIGNATURE-----

--zx4FCpZtqtKETZ7O--