
Commit signatures do nothing to verify that his device wasn't hacked; they just verify that someone got access to his key. Geez, this is just stupidity all the way down.



In addition to having the access keys to GitHub, it also requires access to the secret in the PGP key, which gives you identity proof. Ideally that's password protected too.

It's defense in depth.


That password is potentially ten lines down in the keylogger report. Depth isn't as deep as you think.



