[geekcrypt] Re: Binary Signing

  • From: Bill Cox <waywardgeek@xxxxxxxxx>
  • To: geekcrypt@xxxxxxxxxxxxx
  • Date: Thu, 5 Jun 2014 17:39:38 -0400

On Thu, Jun 5, 2014 at 5:12 PM, PID0 <p1dz3r0@xxxxxxxxx> wrote:

> Hash: SHA1
> We'd likely have to hash the binaries (with SHA512) and then digitally
> sign the hashes.

That makes sense.  I think it's pretty clear you have a better feel for
security than I do.  I think we should figure out a straw-man set of
initial devs.  I don't know if there should be a "tech lead" dev, but if we
have one, I nominate you.

The next guy I'm impressed with most is Frank, though I don't know if we
need a 1st, 2nd, 3rd sort of ranking.  He's doing better work than me,
though.  I'd like to be one of the core devs, but if a couple more guys
show up with more cred then me, I'll step aside.  I think 3-5 is optimal.
If you guys agree, would the current list include:

Chris - possible tech lead?

I believe both Stephen and Niklas are a bit inexperienced (for now) to be
core devs, but I am often mistaken!  There was another guy who sounded
really good who is off doing a derivation of all the source from way back
in the early days of TrueCrypt, and if he shows up, I think he'd be a great

Should we have a quick vote or something like that to informally get


Other related posts: