Skip to content

Distrust the Infrastructure #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Rspigler opened this issue Feb 12, 2021 · 3 comments
Open

Distrust the Infrastructure #132

Rspigler opened this issue Feb 12, 2021 · 3 comments

Comments

@Rspigler
Copy link
Contributor

Attached is the Level 3 PDF

Let's build out the Github (and link the website to it) in a similar way Bitcoin Core does with their Gitian Sigs.

We can have a repo for the PDF, where folders are then versioned PDFs, with subfolders being community members signatures and key info (which could be uploaded through setting issues in that repo). See: https://github.com/bitcoin-core/gitian.sigs

@JWWeatherman @willweatherman

Yeti_Level_3_PDF.pdf
@Rspigler Rspigler mentioned this issue Feb 12, 2021
Open
@Rspigler
Copy link
Contributor Author

Rspigler commented Feb 13, 2021
edited
Loading

The readme for the PDF Repo should be my key, key info, and signature (here: #133), as well as an explanation of the process:

This is a repo for a PDF of the Level 3 wallet creation process, which enables you to create the wallet in the same manner without placing trust in any infrastructure (website, server, DNS service, etc). Please see Releases for the most recent PDF.

Uploaded below are Robert Spigler's PGP key, key info, as well as his detached signature on the PDF. Running gpg --verify [path to PDF_Signature.txt] [path to Yeti_Level_3_PDF.pdf] should return

gpg: Signature made Fri 12 Feb 2021 01:11:21 AM EST
gpg: using RSA key 7F858A1CD184F695B3B1BCB452C7B02FC790F3F0
gpg: Good signature from "Robert Spigler [email protected]" [ultimate]
Primary key fingerprint: BF0D 3C08 A439 5AC6 11C1 5395 B70B 4A77 F850 548F
Subkey fingerprint: 7F85 8A1C D184 F695 B3B1 BCB4 52C7 B02F C790 F3F0

Do not worry about a warning regarding certification and whether the key belongs to the owner. This is regarding the difficulty of authentication, and is discussed in the PDF, as well as below. This is because your computer has not seen this key before.

Robert's Primary Fingerprint listed above and in the output of your verification (BF0D 3C08 A439 5AC6 11C1 5395 B70B 4A77 F850 548F) is also in the PDF. You should also verify on other platforms (such as Robert's Twitter, his website, forum posts, and podcasts) that this is indeed his key. Doing so ensures that the PDF was written by Robert, signed by Robert, and that no change to the document has taken place between Robert writing it, and it being displayed on your computer.

You can view the version subfolder to see other community members attesting to the validity of Robert's signature on the document, and add your own if you'd like by creating an issue.

@Rspigler Rspigler mentioned this issue Feb 14, 2021
Open
@Rspigler
Copy link
Contributor Author

I am in the process of creating a v1 PDF which will include how to create the bootable Ubuntu USB on Mac/Windows and how to verify the Ubuntu ISO on Mac/Windows

@Rspigler Rspigler mentioned this issue Mar 13, 2021
Open
@Rspigler
Copy link
Contributor Author

Rspigler commented Oct 8, 2021

bump @JWWeatherman @willweatherman

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Rspigler