Threshold signing for releases #20977

issue laanwj opened this issue on January 21, 2021
  1. laanwj commented at 5:00 PM on January 21, 2021: member

    For signing the SHA256SUMS.asc in the distribution I would like to move away from using a signing key that I solely, personally possess. I'm not entirely sure how; threshold signing is only a possibility, there might be others.

    I think it would be ideal if we could distribute the process over multiple people, like an M out of N scheme. For example, a few (relatively) trusted gitian builders.

    The resulting signature should ideally be verifiable in the same way as it is now (with gnupg); getting people to adopt a custom tool for validation is going to be difficult.

  2. laanwj added the label Feature on Jan 21, 2021
  3. laanwj added the label Build system on Jan 21, 2021
  4. fanquake commented at 8:12 AM on January 22, 2021: member

    Concept ACK

  5. MarcoFalke commented at 8:27 AM on January 22, 2021: member

    Accumulating the signatures in the SUMS file itself would be easier to implement, but I guess moves more responsibility to the user, as they need to define the K (of N) people they want to check the signature from. See https://twitter.com/LukeDashjr/status/1352418568978247683

    Concept ACK either way

  6. theStack commented at 3:54 PM on January 22, 2021: member

    Concept ACK

  7. laanwj commented at 11:06 AM on January 25, 2021: member

    > Accumulating the signatures in the SUMS file itself would be easier to implement, but I guess moves more responsibility to the user, as they need to define the K (of N) people they want to check the signature from.

    Hmm good point. There was some trick to have multiple signatures for a clear-signed PGP file. But no way to add rules like that.

  8. practicalswift commented at 11:08 AM on January 26, 2021: contributor

    Concept ACK

  9. MarcoFalke commented at 4:12 PM on January 13, 2022: member

    Is this still an issue after switching to guix-attestations?

  10. laanwj closed this on Apr 14, 2022

  11. laanwj commented at 5:49 AM on April 14, 2022: member

    No, I don't think so.

  12. DrahtBot locked this on Apr 14, 2023
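
The user-side K-of-N check raised in comment 5, sketched as an added example (not code from this thread or from the project). It assumes the machine-readable status lines that `gpg --status-fd` emits for v4 keys, as described in GnuPG's doc/DETAILS; every fingerprint and status line below is constructed.

```python
# Added example: K-of-N acceptance over `gpg --status-fd 1 --verify` output.
# Assumption: status lines follow the format in GnuPG's doc/DETAILS (v4 keys).
FLAGGED = {"BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def valid_signers(status_text):
    """Primary-key fingerprints with a valid signature and no bad/expired/revoked flag."""
    valid, flagged = {}, set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "VALIDSIG":
            # Argument 1 is the signing (sub)key fingerprint, argument 10 the primary key's.
            primary = parts[11] if len(parts) >= 12 else parts[2]
            valid[parts[2].upper()] = primary.upper()
        elif parts[1] in FLAGGED:
            flagged.add(parts[2].upper())  # these lines carry the 16-hex key ID
    # A v4 key ID is the last 16 hex digits of the key's fingerprint.
    return {p for fpr, p in valid.items() if fpr[-16:] not in flagged}

def meets_threshold(status_text, trusted, k):
    """Count each pinned signer once; keys outside the pinned set never count toward K."""
    good = valid_signers(status_text) & {t.upper() for t in trusted}
    return len(good) >= k, sorted(good)

# Constructed sample: A signs twice, B's key is expired, C is not pinned,
# D's signature is bad, E is a plain good signature.
def _sig(fpr, kind="GOODSIG"):
    return (f"[GNUPG:] {kind} {fpr[-16:]} constructed-signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2021-01-21 1611248400 0 4 0 1 10 00 {fpr}\n")

A, B, C, D, E = (ch * 40 for ch in "ABCDE")  # constructed 40-hex fingerprints
SAMPLE = (_sig(A) + _sig(A) + _sig(B, "EXPKEYSIG") + _sig(C)
          + f"[GNUPG:] BADSIG {D[-16:]} constructed-signer\n" + _sig(E))
TRUSTED = {A, B, D, E}  # the N keys this user chose to pin

if __name__ == "__main__":
    print(meets_threshold(SAMPLE, TRUSTED, 2))
    print(meets_threshold(SAMPLE, TRUSTED, 3))
```

The pinned set and K live with the verifier, which is the added responsibility the comment points out: the signature file itself cannot carry that rule.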

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 15:14 UTC
