[unSYSTEM] DarkWallet Best Practices



Summary:

Whether to sign every commit has been debated extensively. While Linus Torvalds advises against signing each commit, Peter Todd argues that the Bitcoin community needs per-commit signatures because of its reliance on third-party sites like GitHub. The Linux development model differs from Bitcoin's: code is passed around on mailing lists, and accountability comes from trusted maintainers committing to personal trees on secure computers. Eventually, multiple patches are merged into a release tag, which is signed. In contrast, Bitcoin developers often get code directly from GitHub and must rely on per-commit signatures to ensure that commits are authentic. Todd believes that the focus should be on the messaging layer, suggesting the use of OpenPGP and SSL certificate authorities rather than creating new identity systems that can increase the risk of MITM attacks.
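A per-commit signature policy like the one summarized above can be audited mechanically. The following is an added example, not code from the original thread or from any project it mentions: it parses the output of `git log --format='%H %G? %GF'` and lists every commit that is unsigned, badly signed, or signed by a key outside a trusted set. The commit ids, key fingerprints and the `TRUSTED` set are constructed placeholders.

```python
# Audit `git log --format='%H %G? %GF' <last-signed-tag>..HEAD` output.
# %G? status codes are git's own (see git-log pretty formats).
STATUS = {
    "G": "good",
    "B": "bad signature",
    "U": "good, unknown validity",
    "X": "good, signature expired",
    "Y": "good, key expired",
    "R": "good, key revoked",
    "E": "cannot be checked (missing key)",
    "N": "unsigned",
}

KEY_A, KEY_B, KEY_C = "A" * 40, "B" * 40, "C" * 40  # constructed fingerprints
TRUSTED = {KEY_A, KEY_B}  # assumption: maintainers' keys, pinned out of band

# Constructed sample; a real run would capture this from git.
SAMPLE_LOG = f"""\
c0ffee01 G {KEY_A}
c0ffee02 G {KEY_C}
c0ffee03 N
c0ffee04 B {KEY_A}
c0ffee05 U {KEY_B}
"""

def audit(log_text, trusted):
    """Return [(commit, reason)] for each commit failing the per-commit policy."""
    failures = []
    for line in log_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) < 2:
            failures.append((parts[0], "unparseable log line"))
            continue
        commit, code = parts[0], parts[1]
        fingerprint = parts[2] if len(parts) > 2 else ""  # empty when unsigned
        if code != "G":
            failures.append((commit, STATUS.get(code, "unknown status " + code)))
        elif fingerprint not in trusted:
            # Cryptographically valid, but not from a key this project pins.
            failures.append((commit, "valid signature from untrusted key"))
    return failures

if __name__ == "__main__":
    for commit, reason in audit(SAMPLE_LOG, TRUSTED):
        print(f"REJECT {commit}: {reason}")
```

Under the tag-only model the same check would run once against the release tag rather than over every commit in the range.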


Updated on: 2023-06-07T22:39:37.003620+00:00