@orionwl wonder if this would be a good time to try bip322 sigs for releases?
@ajtowns @orionwl Web-of-trust works for it's intended audience: people who are taking the time to actually verify something rather than just relying on their web browsers.
Re: multisig, just sticking a few different signatures on releases manually is fine. Anyone verifying this stuff to that level is verifying it manually anyway. And PGP *does* allow for multiple signatures on one file, even in things like git commits.
@pete huh? I thought Web of trust was basically widely recognised as a failure at this point. "X signed Y's key" is hard to assign meaning to if you don't both trust X and know their signing policy, misty people's signing policies are terrible unless they're cryptographers, and the tooling for verification is horrible? How is someone new to bitcoin supposed to use the web of trust to validate a release key?
@ajtowns Yeah, current implementations suck. It's still *far* better than the alternatives of blindly trusting certificate authorities, or just hoping that the first key you downloaded was right.
Again, none of this is relevant to the actual target market for PGP signatures: experts willing to put in the time to do things properly and think through the basis for their trust.
@pete uh, if you're only putting release signatures on for cryptography experts, what's everyone else meant to do to avoid running malware? Of we encouraged distros too ship bitcoin that would be one thing, but we discourage that...
@ajtowns By the time you implement that, you could have just slapped multiple PGP sigs on one file and told your auto-update tool what to do. And that's easier to verify by hand by the experts who are double-checking things.
Note that you *literally* can concatenate the ascii-encoded sigs, and they'll verify just fine with GnuPG. We've actually done this before for a public announcement; I've done it on git commits.
@pete yes, that was precisely one of the failure modes for apt. If you're doing a single key or assuming you're dealing with people who know when to say "that's sus" vs "that's just the mailing list screwing up text encoding", gpg is fine, but sounds like were moving outside those boundaries.
@pete to be clear: i don't mean to criticise gpg; I'd tried doing some of this stuff with the original pgp - gpg is the most beautiful thing ever in existence
@pete bip322 is relatively easy to adapt for both multiple signers and automated validation of updates, at least for Bitcoin's use case. I think doing either with gpg is essentially a research problem.