[geekcrypt] Re: Binary Signing

  • From: Bill Cox <waywardgeek@xxxxxxxxx>
  • To: geekcrypt@xxxxxxxxxxxxx
  • Date: Thu, 5 Jun 2014 17:39:38 -0400

On Thu, Jun 5, 2014 at 5:12 PM, PID0 <p1dz3r0@xxxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> We'd likely have to hash the binaries (with SHA512) and then digitally
> sign the hashes.
>

That makes sense.  I think it's pretty clear you have a better feel for
security than I do.  I think we should figure out a straw-man set of
initial devs.  I don't know if there should be a "tech lead" dev, but if we
have one, I nominate you.

The next guy I'm impressed with most is Frank, though I don't know if we
need a 1st, 2nd, 3rd sort of ranking.  He's doing better work than me,
though.  I'd like to be one of the core devs, but if a couple more guys
show up with more cred than me, I'll step aside.  I think 3-5 is optimal.
If you guys agree, would the current list include:

Chris - possible tech lead?
Frank
Bill

I believe both Stephen and Niklas are a bit inexperienced (for now) to be
core devs, but I am often mistaken!  There was another guy who sounded
really good who is off doing a derivation of all the source from way back
in the early days of TrueCrypt, and if he shows up, I think he'd be a great
candidate.

Should we have a quick vote or something like that to informally get
started?

Bill
