On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote: > On Tue, Dec 31, 2013 at 5:39 AM, Drak <d...@zikula.org> wrote: > > The NSA has the ability, right now to change every download of bitcoin-qt, > > on the fly and the only cure is encryption.
No, the only cure is the check the hashes. We should know something about hashes here. TLS is a big pile of 'too big to audit'. Spend a couple of satoshis and put the hash of the source tar.gz and the binaries in the blockchain. Problem solved. <snipped> > The downloads are protected by something far stronger than SSL > already, which might even have a chance against the NSA. Actual > signatures of the downloads with offline keys. > > I'm all pro-SSL and all that, but you are— piece by piece— really > convincing me that it produces an entirely false sense of security > which is entirely unjustified. I used to think encryption was important, and this exchange convinced me that kerberized telnet with no encryption but with integrity checking would be far more secure than 'secure' shell. Also, there's some organization that's inserting malicious memes that try to get me to buy shit below my signature. How about we move the mailing list? I've run mailman servers before, and there's also http://savannah.gnu.org/maintenance/WhyChooseSavannah/ -- Troy (da hozer) ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
