From: Mark Friedenbach <mark@monetize•io>
To: bitcoin-development@lists•sourceforge.net
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
Date: Fri, 23 May 2014 09:38:02 -0700 [thread overview]
Message-ID: <537F796A.2040009@monetize.io> (raw)
In-Reply-To: <CA+s+GJBJKQqsJHzdHvw0-r3mmvbRMDpUrWFj2O2-RXkpgGLO7g@mail.gmail.com>
I know the likelihood of this happening is slim, but if these are the
desired features we should consider switching to monotone (monotone.ca)
which has a much more flexible DAG structure and workflow built around
programmable multi-sig signing of commits. We could still maintain the
github account as a two-way repository interface, but acceptance of a
pull request would require some threshold signature sign-off in monotone.
I would seriously suggest anybody on this list exploring monotone if you
haven't already, at least for your personal projects if it is too late
to make that choice for bitcoin. Besides the benefits of using it, we
should be supporting build infrastructure that enables less trusted,
less centralized development.
http://www.monotone.ca/
Mark
On 05/23/2014 12:12 AM, Wladimir wrote:
> On Thu, May 22, 2014 at 8:06 PM, Jeff Garzik <jgarzik@bitpay•com> wrote:
>> Related: Current multi-sig wallet technology being rolled out now,
>> with 2FA and other fancy doodads, is now arguably more secure than my
>> PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig
>> wallet (set of keys), with all the associated theft/data
>> destruction/backup risks.
>>
>> The more improvements I see in bitcoin wallets, the more antiquated my
>> PGP keyring appears. Zero concept of multisig. The PGP keyring
>> compromise process is rarely exercised. 2FA is lacking. At least
>> offline signing works well. Mostly.
>
> Would be incredible to have multisig for git commits as well. I don't
> think git supports multiple signers for one commit at this point -
> amending the signature replaces the last one - but it would allow for
> some interesting multi-factor designs in which the damage when a dev's
> computer is compromised would be reduced.
>
> Sounds like a lot of work to get a good workflow there, though.
>
> My mail about single-signing commits was already longer than I
> expected when I started writing there. Even though the process is
> really simple.
>
> Though if anyone's interest is piqued by this, please pick it up.
>
> Wladimir
>
next prev parent reply other threads:[~2014-05-23 16:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-21 12:23 Wladimir
2014-05-21 16:39 ` Chris Beams
2014-05-21 17:10 ` Wladimir
2014-05-21 20:30 ` Mark Friedenbach
2014-05-21 21:02 ` Gregory Maxwell
2014-05-22 18:06 ` Jeff Garzik
2014-05-23 0:25 ` Peter Todd
2014-05-23 7:12 ` Wladimir
2014-05-23 16:38 ` Mark Friedenbach [this message]
2014-05-23 16:48 ` Kyle Jerviss
2014-05-23 17:32 ` Gregory Maxwell
2014-05-23 10:23 ` Wladimir
2014-06-09 15:34 ` Chris Beams
2014-05-21 20:25 ` David A. Harding
2014-05-22 1:09 ` Chris Beams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=537F796A.2040009@monetize.io \
--to=mark@monetize$(echo .)io \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox