Re: [Bitcoin-development] bitcoin pull requests

[grarpamp]

 gpg signing commits, like the Linux kernel

 Though, honestly, when I ACK that means I read the code, which is more
 important than the author really.  github seems fine for that still,
 though I do wonder if there is a race possible,

 * just before I click pull, sneak rebases the branch to something evil


You might want to look at http://www.monotone.ca/, it does a good job
of integrating crypto and review primitives into the workflow.
It also has some reliable network distribution models (netsync) that work
well over things like Tor, in case a new developer (or old Satoshi) doesn't
wish to be in the public light.

http://www.monotone.ca/monotone.html

Once you have the crypto, it always boils down to human risk factors,
rogue, password, cracks, etc which are harder.

--
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] bitcoin pull requests

[Gavin Andresen]

I would rather we spend time working to make users' bitcoins safe EVEN IF
their bitcoin software is compromised.

Eliminate the if you get a bad bitcoin-qt.exe somehow you're in big
trouble risk entirely, instead of worrying about unlikely scenarios like a
timing attack in between ACKs/pulls. Eliminate one piece of software as the
possible single point of failure...

-- 
--
Gavin Andresen
--
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] bitcoin pull requests

[grarpamp]

 Users will have available multisig addresses which require
 transactions to be signed off by a wallet HSM. (E.g. a keyfob

Hardware is a good thing. But only if you do the crypto in the
hardware and trust the hardware and its attack models ;) For
instance, the fingerprint readers you see everywhere... many
of them just present the raw fingerprint scan to the host (and
host software), instead of hashing the fingerprint internally and
using that as primitive in crypto exchanges with the host. They
cheaped out and/or didn't think. So oops, there went both your
security (host replay) and your personal privacy (biometrics),
outside of your control. All with no protection against physical
fingerprint lifting.

 This doesn't remove the need to improve repository integrity. ... but
 repository integrity is a general problem that is applicable to many
 things (after all, what does it matter if you can't compromise Bitcoin
 if you can compromise boost, openssl, or gcc?)

Yes, that case would matter zero to the end product. However
having a strong repo permits better auditing of the BTC codebase.
That's a good thing, and eliminates the need to talk chicken and
egg.

 It's probably best
 that Bitcoin specalists stay focused on Bitcoin security measures, and
 other people interested in repository security come and help out
 improving it.  An obvious area of improvement might be oddity
 detection and alerting:  It's weird that I can rewrite history on
 github, so long as I do it quickly, without anyone noticing.

If no one is verifying the repo, sure, even entire repos could be
swapped out for seemingly identical ones.

Many repos do not have any strong internal verification structures
at all, and they run on filesystems that accept bitrot.
Take a look at some OS's... OpenBSD and FreeBSD, supposedly
the more secure ones out there... both use legacy repos on FFS.
Seems rather ironic in the lol department.

Thankfully some people out there are finally getting a clue on these
issues, making and learning the tools, converting and migrating
things, working on top down signed build and distribution chain, etc...
so maybe in ten years the opensource world will be much farther
ahead. Or at least have a strong audit trail.

--
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development