In case you didn't see this yet,
http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html
If you're using PGP to verify Bitcoin downloads, it's very important that
you check you are using the right key. Someone seems to be creating fake
PGP keys that are used to sign popular pieces of crypto software, probably
to make a MITM attack (e.g. from an intelligence agency) seem more
legitimate.
I think the Mac DMG's of Core are signed for Gatekeeper, but do we codesign
the Windows binaries? If not it'd be a good idea, if only because AV
scanners learn key reputations to reduce false positives. Of course this is
not a panacea, and Linux unfortunately does not support X.509 code signing,
but having extra signing can't really hurt.
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
