JWWeatherman / yeticold

https://yeticold.com

Distrust the Infrastructure #132

Open Rspigler opened 3 years ago

Rspigler commented 3 years ago

Attached is the Level 3 PDF

Let's build out the GitHub (and link the website to it) in a way similar to what Bitcoin Core does with their Gitian sigs.

We can have a repo for the PDF, where folders are then versioned PDFs, with subfolders being community members' signatures and key info (which could be uploaded through setting issues in that repo). See: https://github.com/bitcoin-core/gitian.sigs

@JWWeatherman @willweatherman

Yeti_Level_3_PDF.pdf

Rspigler commented 3 years ago

The readme for the PDF Repo should be my key, key info, and signature (here: https://github.com/JWWeatherman/yeticold/issues/133), as well as an explanation of the process:

This is a repo for a PDF of the Level 3 wallet creation process, which enables you to create the wallet in the same manner without placing trust in any infrastructure (website, server, DNS service, etc). Please see Releases for the most recent PDF.

Uploaded below are Robert Spigler's PGP key, key info, as well as his detached signature on the PDF. Running gpg --verify [path to PDF_Signature.txt] [path to Yeti_Level_3_PDF.pdf] should return

    gpg: Signature made Fri 12 Feb 2021 01:11:21 AM EST
    gpg: using RSA key 7F858A1CD184F695B3B1BCB452C7B02FC790F3F0
    gpg: Good signature from "Robert Spigler RobertSpigler@ProtonMail.ch" [ultimate]
    Primary key fingerprint: BF0D 3C08 A439 5AC6 11C1 5395 B70B 4A77 F850 548F
    Subkey fingerprint: 7F85 8A1C D184 F695 B3B1 BCB4 52C7 B02F C790 F3F0

Do not worry about a warning regarding certification and whether the key belongs to the owner. This is regarding the difficulty of authentication, and is discussed in the PDF, as well as below. This is because your computer has not seen this key before.

Robert's Primary Fingerprint listed above and in the output of your verification (BF0D 3C08 A439 5AC6 11C1 5395 B70B 4A77 F850 548F) is also in the PDF. You should also verify on other platforms (such as Robert's Twitter, his website, forum posts, and podcasts) that this is indeed his key. Doing so ensures that the PDF was written by Robert, signed by Robert, and that no change to the document has taken place between Robert writing it, and it being displayed on your computer.

You can view the version subfolder to see other community members attesting to the validity of Robert's signature on the document, and add your own if you'd like by creating an issue.
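
The check described in the comment above (good signature, then compare the primary key fingerprint against one obtained out of band) can be scripted. This is an added example, not part of the original comment or the yeticold repo: the function names are hypothetical, the sample status lines are constructed, and it relies on GnuPG's machine-readable `--status-fd` output so the result does not depend on whether the key is certified in the local keyring.

```sh
# Added example, not from the yeticold repo; function names are hypothetical.
# Primary key fingerprint quoted in the README text above, spaces removed.
EXPECTED_PRIMARY_FPR="BF0D3C08A4395AC611C15395B70B4A77F850548F"

# Constructed sample of `gpg --status-fd 1 --verify` output for a good
# signature (fingerprints from the thread; the other fields are made up).
sample_status() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 52C7B02FC790F3F0 Robert Spigler
[GNUPG:] VALIDSIG 7F858A1CD184F695B3B1BCB452C7B02FC790F3F0 2021-02-12 1613110281 0 4 0 1 8 00 BF0D3C08A4395AC611C15395B70B4A77F850548F
EOF
}

# Strip whitespace and upper-case a fingerprint so pasted forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read gpg status lines on stdin and print the primary key fingerprint.
# Fails unless GOODSIG and VALIDSIG are both present and no signature is
# reported as bad, unverifiable, expired or made by a revoked key.
primary_fpr_from_status() {
    _good=0 _bad=0 _fpr=""
    while IFS= read -r _line; do
        case "$_line" in
            "[GNUPG:] GOODSIG "*) _good=1 ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*|"[GNUPG:] EXPSIG "*|\
            "[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*) _bad=1 ;;
            # Last VALIDSIG field is the primary key fingerprint; the first
            # is the fingerprint of the (sub)key that made the signature.
            "[GNUPG:] VALIDSIG "*) _fpr="${_line##* }" ;;
        esac
    done
    [ "$_good" -eq 1 ] && [ "$_bad" -eq 0 ] && [ -n "$_fpr" ] || return 1
    printf '%s\n' "$_fpr"
}

# verify_pinned SIG FILE FPR: succeed only when gpg reports a good signature
# and its primary key fingerprint equals FPR, obtained out of band.
verify_pinned() {
    _got="$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null \
            | primary_fpr_from_status)" || return 1
    [ "$_got" = "$(normalize_fpr "$3")" ]
}
```

With the key imported, `verify_pinned PDF_Signature.txt Yeti_Level_3_PDF.pdf "$EXPECTED_PRIMARY_FPR"` exits 0 only when both conditions hold.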

Rspigler commented 3 years ago

I am in the process of creating a v1 PDF which will include how to create the bootable Ubuntu USB on Mac/Windows and how to verify the Ubuntu ISO on Mac/Windows.

Rspigler commented 3 years ago

bump @JWWeatherman @willweatherman