Date: Sat, 23 Aug 2014 12:44:14 -0500
From: Troy Benjegerdes
To: Peter Todd
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Reconsidering github

On Sat, Aug 23, 2014 at 10:32:15AM -0400, Peter Todd wrote:
> On Sat, Aug 23, 2014 at 01:17:01AM -0500, Troy Benjegerdes wrote:
> > This is why I clone git to mercurial, which is generally designed around the
> > assumption that history is immutable. You can't rewrite blockchain history,
> > and we should not be re-writing (rebasing) commit history either.
>
> Git commits serve two purposes: recording public history and
> communication. While for the purpose of recording history immutable
> commits make sense, for the purpose of communicating to other developers
> what changes should be added to that history you *do* want the mutable
> commits that git's rebase functionality supports. Much like how
> university math classes essentially never teach calculus in the order it
> was developed, it is rare indeed for the way you happened to develop
> some functionality to be the best sequence of changes for other
> developers to understand why and what is being changed.
>
> Anyway, just because mercurial is designed around the assumption that
> commit history is immutable doesn't mean it actually is; an attacker can
> fake a series of mercurial commits just as easily as they can git
> commits. The only thing that protects against history rewriting is
> signed commits and timestamps.

What I would really like is a frontend and/or integration to Git/Mercurial that
uses Bitcoin transactions *as* the signature, which has the nice side effect of
providing timestamps backed by the full faith and credit of a billion dollar
blockchain.

So what is the best way for me to stick both a git *and* a mercurial identity
hash into a bitcoin transaction? (which leads to point 2 below)

>
> > The problem with github is it's too tempting to look at the *web page*, which
> > is NOT pgp-signed, and hit the 'approve' button when you might have someone
> > in the middle approving an unsigned changeset because you're in a hurry to
> > get the latest new critical OpenSSL 0day security patch build released.
> >
> > We need multiple redundant 'master' repositories run by different people in
> > different jurisdictions that get updated on different schedules, and have all
> > of these people pay attention to operational security, and not just outsource
> > it all to github because it's convenient.
>
> The easiest and most useful way to achieve that would be to have a
> formal program of code review, perhaps on a per-release basis, that
> reviewed the diffs between the previous release and the new one. Master
> repos in this scenario are simply copies of the "master master" repo
> that someone has manually verified and signed-off on, with of course a
> PGP signature.
>
> If you feel like volunteering to maintain one of these repos, you may
> find my Litecoin v0.8.3.7 audit report to be a useful template:
>
> https://bitcointalk.org/index.php?topic=265582.0

I'm not interested in volunteering, I'm interested in getting paid, and the best
way I believe I can accomplish that is to use *my* bitcoin address in a
signature-transaction of the code I've reviewed.

What is the advantage of PGP? Far more people have ECDSA public-private keys
than PGP keys.

-- 
----------------------------------------------------------------------------
Troy Benjegerdes                 'da hozer'                  hozer@hozed.org
7 elements      earth::water::air::fire::mind::spirit::soul        grid.coop

      Never pick a fight with someone who buys ink by the barrel,
         nor try buy a hacker who makes money by the megahash
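
One way to bind a git commit and a mercurial changeset into a single value that a Bitcoin transaction output can carry, as an added example that is not part of the original message or of any project discussed in the thread. It assumes an OP_RETURN data output as the carrier, which the message does not specify; the tag, function names and sample identifiers are constructed for illustration.

```python
import hashlib
import hmac

OP_RETURN = 0x6A        # script opcode for a provably unspendable data output
TAG = b"vcs-review-v1"  # hypothetical domain-separation tag (assumption)

# Constructed sample identifiers, not real commits.
SAMPLE_GIT = hashlib.sha1(b"constructed git commit").hexdigest()
SAMPLE_HG = hashlib.sha1(b"constructed hg changeset").hexdigest()


def _full_id(hex_id: str) -> bytes:
    """Parse a full 40-hex-digit SHA-1 identifier; reject abbreviations."""
    raw = bytes.fromhex(hex_id)
    if len(raw) != 20:
        raise ValueError("expected a full 40-hex-digit identifier")
    return raw


def commitment(git_commit: str, hg_changeset: str) -> bytes:
    """32-byte digest binding both identifiers in a fixed order.

    Both inputs are fixed-length, so plain concatenation is unambiguous.
    """
    data = TAG + _full_id(git_commit) + _full_id(hg_changeset)
    return hashlib.sha256(data).digest()


def op_return_script(digest: bytes) -> bytes:
    """Output script bytes: OP_RETURN, one-byte push length, then the digest."""
    if len(digest) != 32:
        raise ValueError("digest must be 32 bytes")
    return bytes([OP_RETURN, len(digest)]) + digest


def verify(script: bytes, git_commit: str, hg_changeset: str) -> bool:
    """Recompute the commitment from a local checkout and compare it with
    the script taken from the confirmed transaction."""
    expected = op_return_script(commitment(git_commit, hg_changeset))
    return hmac.compare_digest(script, expected)


if __name__ == "__main__":
    script = op_return_script(commitment(SAMPLE_GIT, SAMPLE_HG))
    print(script.hex(), verify(script, SAMPLE_GIT, SAMPLE_HG))
```

A verifier still has to check that the transaction carrying this script is confirmed and was signed by the reviewer's key; the script alone only fixes which two identifiers were committed to.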