Re: [Bitcoin-development] Signing release binaries

2012-07-30 Thread Peter Pauly
I'd like to see the binaries signed with gpg, independent of any signatures required for various operating systems. I can't imagine a worse scenario than the bitcoin.org site being hacked and the binaries replaced with wallet-stealing code. All of the developers seem to have gpg keys, how hard

[Bitcoin-development] Signing release binaries

2012-07-29 Thread Mike Hearn
MacOS X 10.8 makes application signing borderline mandatory, in that you cannot run unsigned apps unless you tweak your settings via the control panel. You must sign with a certificate issued by Apple via their identified developer program. Windows allows but does not require signing. However,

Re: [Bitcoin-development] Signing release binaries

2012-07-29 Thread Peter Vessenes
This is a good idea. I think I can come up with the cash, I will follow up with gavin. Sent from my smartphone! On Jul 29, 2012, at 7:18 PM, Mike Hearn m...@plan99.net wrote: MacOS X 10.8 makes application signing borderline mandatory, in that you cannot run unsigned apps unless you tweak

Re: [Bitcoin-development] Signing release binaries

2012-07-29 Thread Luke-Jr
On Sunday, July 29, 2012 10:17:51 AM Mike Hearn wrote: I guess Gavin would be the final signer. Considering that Gavin is not interested in participating in any way in the stable versions, I would prefer to see someone else responsible for OS-vendor signing.

Re: [Bitcoin-development] Signing release binaries

2012-07-29 Thread Cameron Garnham
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm not a vendor, however I have a code-signing key for windows; I could sign the windows installer and binary. On 30/07/2012 3:15 AM, Luke-Jr wrote: On Sunday, July 29, 2012 10:17:51 AM Mike Hearn wrote: I guess Gavin would be the final signer.