Title: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: ShadowOfHarbringer on January 25, 2011, 02:14:20 PM

I have another proposition:
There should be a site, like https://www.bitcoin.org/signatures where there are SHA1/MD5/SHA256 signatures of every file that is available for download on bitcoin.org. This way, there will be a 100% cracker-resistant way to know that one is downloading unmodified/unhacked files.

For now, the only way to know we have a "clean" bitcoin is to download the source, pull changes from github and review them yourself, which is probably not very good for starters/noobs.

After all, the latest events concerning Facebook & Tunisia government (http://www.google.com/url?sa=t&source=web&cd=2&ved=0CBgQFjAB&url=http%3A%2F%2Fit.slashdot.org%2Fstory%2F11%2F01%2F24%2F2017242%2FHow-Facebook-Responded-To-Tunisian-Hacks&rct=j&q=tunisia%20facebook%20slashdot&ei=b9o-TaeQOMKy8gPagqXqCA&usg=AFQjCNGa_wPSq5RTEbH_tb50vVqgSeDFtA&cad=rja) show that it's not very hard to imagine governments or ISPs modifying bitcoin binaries to place trojan horses in them.

What do you think? This shouldn't be very hard to do - I mean, how hard is it to set up a single static HTML page on HTTPS?

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: bitcoinex on January 25, 2011, 03:20:04 PM

I think source digitally signed by the authors of the code is better. And in git it already works fine. Gavin could put tags with his signature, as Linus is already doing:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.37.y.git;a=tag;h=refs/tags/v2.6.37

The average user does not need the source code - for him the program is built by a maintainer into packages. Software packages also have signatures; the format depends on your OS.

I have deja vu - we've already discussed it.

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: theymos on January 25, 2011, 07:34:27 PM

Relying on HTTPS allows every certificate authority and their sub-authorities to break the authentication, even though bitcoin.org is self-signed. HTTPS should not be used for important authentication problems.

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: ShadowOfHarbringer on January 25, 2011, 08:30:20 PM

Quote: Relying on HTTPS allows every certificate authority and their sub-authorities to break the authentication, even though bitcoin.org is self-signed. HTTPS should not be used for important authentication problems.

There are plugins for Firefox which alert you every time a certificate changes, just like in SSH.
https://addons.mozilla.org/pl/firefox/addon/certificate-patrol/

And even if you're not using plugins, my proposition is much better than nothing, isn't it?

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: theymos on January 25, 2011, 08:32:08 PM

Quote: There are plugins for Firefox which alert you every time a certificate changes, just like in SSH.

I use it. And I removed most of my CAs. :)

Quote: And even if you're not using plugins, my proposition is much better than nothing, isn't it?

Yes, but the releases should just be PGP signed by Satoshi. Then there's no chance of third-party contamination.

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: ShadowOfHarbringer on January 25, 2011, 08:42:57 PM

Quote: Yes, but the releases should just be PGP signed by Satoshi. Then there's no chance of third-party contamination.

That's the problem right there. They should be. So if they aren't yet, wouldn't it be like a 5 minute job for the site admin to add one static HTTPS page with signatures included?

I mean I'm proposing a quick working fix, and later when Satoshi signs all binaries himself, this will no longer be needed.

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: ShadowOfHarbringer on January 25, 2011, 09:03:34 PM

I just had another revelation:
Signing binaries by Satoshi using PGP is no solution at all. Why? Because when Satoshi's public PGP key will be available over HTTP, not HTTPS, governments/ISPs still will be able to change it on the fly using their proxies/filters. This is a chicken-egg problem.

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: theymos on January 25, 2011, 09:15:19 PM

Quote: I just had another revelation: Signing binaries by Satoshi using PGP is no solution at all. Why? Because when Satoshi's public PGP key will be available over HTTP, not HTTPS, governments/ISPs still will be able to change it on the fly using their proxies/filters. This is a chicken-egg problem.

This is solved by the PGP web of trust. I'm sure many of us would sign Satoshi's key (which has already been public for a long time), but I think this is generally considered rude to do without permission.

The SHA-1 hashes are already listed on the front page, which can be accessed with HTTPS.

Title: Re: Feature request: HTTPS Bitcoin page containing signatures of downloadable files
Post by: ShadowOfHarbringer on January 26, 2011, 08:51:30 AM

Quote: The SHA-1 hashes are already listed on the front page, which can be accessed with HTTPS.

So I was talking like it wasn't done, and it worked all the time... Stupid me. Closing thread.
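
Added example, not part of the original thread and not bitcoin.org's own code: a Python check of a download against a hash list of the kind proposed in the first post, in a "digest  filename" layout. The file names and sample bytes are constructed, and treating SHA-256 as the only trusted algorithm is an assumption of this example, not something the thread states.

```python
import hashlib
import hmac

# Hex digest length -> hashlib algorithm (the three named in the first post).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
# Assumption of this example: MD5 and SHA-1 are checked but not trusted alone.
TRUSTED = {"sha256"}

def parse_manifest(text):
    """Parse 'HEXDIGEST  FILENAME' lines into {filename: [(algo, digest)]}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or not name:
            raise ValueError(f"unrecognised manifest line: {line!r}")
        bytes.fromhex(digest)  # raises ValueError if the digest is not hex
        entries.setdefault(name, []).append((algo, digest.lower()))
    return entries

def verify(name, stream, entries):
    """Return 'ok', 'mismatch', 'weak-only' or 'unlisted' for one download."""
    listed = entries.get(name)
    if not listed:
        return "unlisted"
    hashers = {algo: hashlib.new(algo) for algo, _ in listed}
    for chunk in iter(lambda: stream.read(65536), b""):
        for h in hashers.values():
            h.update(chunk)
    # Every listed digest has to match; compare in constant time.
    for algo, digest in listed:
        if not hmac.compare_digest(hashers[algo].hexdigest(), digest):
            return "mismatch"
    if not (TRUSTED & {algo for algo, _ in listed}):
        return "weak-only"
    return "ok"

# Constructed sample: stand-in file bytes and the manifest a page might list.
GOOD = b"constructed stand-in for a release archive\n"
MANIFEST = "\n".join([
    "# constructed manifest, hypothetical file names",
    f"{hashlib.sha256(GOOD).hexdigest()}  bitcoin-sample.tar.gz",
    f"{hashlib.sha1(GOOD).hexdigest()}  bitcoin-sample.tar.gz",
    f"{hashlib.sha1(GOOD).hexdigest()}  bitcoin-legacy.zip",
])
ENTRIES = parse_manifest(MANIFEST)
```

A result of "ok" only says the file matches the list; whether the list itself is authentic depends on the channel it arrived over, which is what the rest of the thread argues about.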