Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XLK4s-0003Dr-Vk for bitcoin-development@lists.sourceforge.net; Sat, 23 Aug 2014 22:46:31 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.93 as permitted sender) client-ip=62.13.148.93; envelope-from=pete@petertodd.org; helo=outmail148093.authsmtp.net; Received: from outmail148093.authsmtp.net ([62.13.148.93]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1XLK4r-0005ck-FO for bitcoin-development@lists.sourceforge.net; Sat, 23 Aug 2014 22:46:30 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s7NMjcoS085840; Sat, 23 Aug 2014 23:45:38 +0100 (BST) Received: from savin.petertodd.org (75-119-251-161.dsl.teksavvy.com [75.119.251.161]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s7NMjYqM085005 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Sat, 23 Aug 2014 23:45:36 +0100 (BST) Date: Sat, 23 Aug 2014 18:45:22 -0400 From: Peter Todd To: Troy Benjegerdes Message-ID: <20140823224522.GA18381@savin.petertodd.org> References: <2302927.fMx0I5lQth@1337h4x0r> <20140823061701.GQ22640@nl.grid.coop> <20140823143215.GA18452@savin.petertodd.org> <20140823174414.GT22640@nl.grid.coop> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC" Content-Disposition: inline In-Reply-To: <20140823174414.GT22640@nl.grid.coop> User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 3347658c-2b17-11e4-b396-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdAEUGUATAgsB AmIbWVdeVFh7WmQ7 bA9PbARUfEhLXhtr VklWR1pVCwQmQht/ e0R3E2RyfwBGeHs+ ZEBiWHgVX0d+ckB4 Sh1JFz8HYnphaTUb TRJbfgVJcANIexZF O1F6ACIKLwdSbGoL NQ4vNDcwO3BTJTpY RgYVKF8UXXNDJDM3 QBYZHDkiB0wDSG08 LgAmN1R0 X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 75.119.251.161/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1XLK4r-0005ck-FO Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Reconsidering github X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Aug 2014 22:46:31 -0000 --wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Aug 23, 2014 at 12:44:14PM -0500, Troy Benjegerdes wrote: What I would really like is a frontend and/or integration to Git/Mercurial= that > uses Bitcoin transactions *as* the signature, which has the nice side eff= ect of > providing timestamps backed by the full faith and credit of a billion dol= lar > blockchain. So what is the best way for me to stick both a git *and* a > mercurial identity hash into a bitcoin transaction? (which leads to poin= t 2 > below) A "bitcoin transaction" can't by itself serve as a signature, as there isn't any way to link the transaction to what you actually care about - a human being - without additional infrastructure. You may find it helpful to reflect back upon your 2nd and 3rd year courses on post-modernism and semiotics: Is a keypair in a public key cryptography system what is being signified, or is it merely a (posssibly false) signifier? If you just want to timestamp a git commit you can timestamp it in the Bitcoin blockchain. I have the code to do so in my python-bitcoinlib: examples/timestamp.py To check timestamps the following should work, although I haven't tried: bitcoind searchrawtransactions You do need the searchrawtransactions patch. I've personally timestamped most of the git tags for releases this way. > > If you feel like volunteering to maintain one of these repos, you may > > find my Litecoin v0.8.3.7 audit report to be a useful template: > >=20 > > https://bitcointalk.org/index.php?topic=3D265582.0 >=20 > I'm not interested in volunteer, I'm interested in getting paid, and the > best way I believe I can accomplish that is use *my* bitcoin address in a > signature-transaction of the code I've reviewed. >=20 > What is the advantage of PGP? Far more people have ECDSA public-private= =20 > keys than PGP keys. PGP of course has vast amounts of identity infrastructure already developed for it, infrastructure that simply doesn't exist for "Bitcoin addresses" In any case you'll be happy to know that secp256k1 has been added to the GPG development branch, which means you can sign your code with a ECDSA key corresponding to a Bitcoin address if you wish too. --=20 'peter'[:-1]@petertodd.org 000000000000000006fb87cb8ec6e0981b134953f1916c513f7210b534a94b8b --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJT+Rl8XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAyMzkzNDRmYzUzMmJiYWQ4YTY3OWUzZmMzMGU4OTAwNzcy NTIzYTEwYzQ3MjBhMGMvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfu5dAf+NihDfBuVD2HCvi2v5v6cdboV 098+pbCzsTDajzOMpkq2QK4Y3TaB8dRFGEiiJhr5HeJA76m7eK49nvvwzbitAA17 YH5Y6SUUUYsDWJNfWSeT5hhwebR0nGWtERcAsxKDIcGjMudrfQ0/ozsdP1TSyPeR GfPqah3KfTvJvFOzqmCcqeLo4dZ7DnmYBm9BNFqESen51hdHRMmln6g9LuqbkHgc rJcIi9MO+D6lU7q5EX40U/iAA2hwudmLzhjDhQ+2E0Pice3TkBMYbbe0FEJN7dAZ +mu/Xc6S+hzxy1/0JD4HwoAAxJwf++pN8jBRLX6ukdfKrCP2aWJia6GqLVOeHg== =b5e2 -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC--