PSA: Please sign your git commits



Summary:

The author of the message has a PGP smart card reader and a card holding a securely generated key, with the PIN entered for every signature. They mention that having a single maintainer sign commits isn't enough and that PGP isn't perfect, but "perfect is the enemy of good." Jeff Garzik mentions that the multisig wallet technology being rolled out now, with 2FA and "other fancy doodads," is arguably more secure than his PGP keyring. He likens his PGP keyring to a non-multisig wallet (a set of keys), with all the associated theft, data-destruction and backup risks. He thinks that improvements in bitcoin wallets make his PGP keyring look antiquated, and notes that it lacks 2FA. However, he does note that offline signing works well, mostly.
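As an added example, not part of the original post or thread: the script below builds a throwaway repository with one PGP-signed and one unsigned commit (using a passphrase-less demo key in an isolated GNUPGHOME, so nothing touches your real keyring or smart card), then walks the history with `git log --format='%H %G? %GF'` and rejects any commit that is not signed by a key on an allowlist of fingerprints. The repository, key, user ID `demo@example.invalid` and the function names `unverified_commits` / `verify_history` are all assumptions made for the demo; the git and gpg invocations are standard.

```shell
#!/bin/sh
# Added example (not from the original post): build a throwaway repo with one
# signed and one unsigned commit, then enforce a signing policy over the history.
set -eu

for tool in git gpg gpgconf awk; do
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found, skipping demo" >&2; exit 0; }
done

WORK="$(mktemp -d)"
export GNUPGHOME="$WORK/gnupg"      # isolated keyring; ~/.gnupg is never touched
mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
printf 'allow-loopback-pinentry\n' > "$GNUPGHOME/gpg-agent.conf"
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$WORK"' EXIT

# Throwaway Ed25519 signing key with no passphrase (demo only). A real key, as
# the post describes, lives on a smart card and asks for its PIN per signature.
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-gen-key 'Demo Maintainer <demo@example.invalid>' ed25519 sign never
DEMO_FPR="$(gpg --batch --with-colons --list-secret-keys | awk -F: '$1=="fpr"{print $10; exit}')"

# Constructed demo history: first commit signed, second deliberately unsigned.
DEMO_REPO="$WORK/repo"
git init -q "$DEMO_REPO"
git -C "$DEMO_REPO" config user.name 'Demo Maintainer'
git -C "$DEMO_REPO" config user.email 'demo@example.invalid'
git -C "$DEMO_REPO" config user.signingkey "$DEMO_FPR"
git -C "$DEMO_REPO" config commit.gpgsign true     # sign every commit by default
echo one > "$DEMO_REPO/a.txt"
git -C "$DEMO_REPO" add a.txt
git -C "$DEMO_REPO" commit -q -m 'signed commit'
DEMO_SIGNED="$(git -C "$DEMO_REPO" rev-parse HEAD)"
echo two > "$DEMO_REPO/b.txt"
git -C "$DEMO_REPO" add b.txt
git -C "$DEMO_REPO" commit -q --no-gpg-sign -m 'unsigned commit'   # what the PSA warns against
DEMO_UNSIGNED="$(git -C "$DEMO_REPO" rev-parse HEAD)"

# Print one "<hash> <status> <fingerprint>" line for every commit that fails
# the policy. %G? is git's signature status: G = good, U = good but the key is
# not marked trusted in this keyring, N = no signature, B/E/X/Y/R = bad,
# missing key, expired or revoked. A commit passes only with G or U AND a
# signing-key fingerprint (%GF) present in the space-separated allowlist.
unverified_commits() {
    repo="$1"; allowlist="$2"
    git -C "$repo" log --format='%H %G? %GF' | while read -r hash status fpr; do
        case "$status" in
            G|U) echo " $allowlist " | grep -q " $fpr " && continue ;;
        esac
        echo "$hash $status ${fpr:-none}"
    done
}

# CI gate: exit 0 only when every commit in the history passes the policy.
verify_history() {
    [ -z "$(unverified_commits "$1" "$2")" ]
}

echo "allowed signing key: $DEMO_FPR"
echo "commits failing policy:"
unverified_commits "$DEMO_REPO" "$DEMO_FPR"
verify_history "$DEMO_REPO" "$DEMO_FPR" && echo "history OK" || echo "history REJECTED"
```

Two caveats worth keeping in mind when turning this into a real gate. First, `G` or `U` only says the signature verifies against a key in the keyring; trust comes from the fingerprint allowlist, which is why the policy checks both. On a CI runner you would import the maintainers' public keys into a fresh keyring, get `U` rather than `G`, and still pass. Second, a single allowlisted key is exactly the "one maintainer signing" setup the post calls insufficient; the allowlist is where a project encodes who is actually permitted to sign, and it should be reviewed like any other access control list.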


Updated on: 2023-06-08T23:12:17.003121+00:00