namecoin / namecoin-core

Namecoin full node + wallet based on the current Bitcoin Core codebase.
https://www.namecoin.org/
MIT License

Temporarily relax 3-signature policy for reproducible builds? #80

Open JeremyRand opened 8 years ago

JeremyRand commented 8 years ago

From #namecoin-meeting:

Mar 06 19:39:14 <Jeremy_Rand>   Bitcoin's policy is to not post binaries until 3 devs have reproduced the hashes
Mar 06 19:40:02 <Jeremy_Rand>   I tried this policy with rc1, but none of the other Gitian users here (midnightmagic, jonasbits, jbisch) were able to quickly post their hashes
Mar 06 19:40:51 <Jeremy_Rand>   So, would it make sense as a temporary policy for Namecoin, to post binaries after one dev has posted hashes, with a big warning saying that it shouldn't be trusted until more people have verified the hashes?
Mar 06 19:42:06 <qpm>   freenode:<Erkan_Yilmaz> what does "quickly" mean exactly? <5h <24h <48h <1 week
Mar 06 19:42:24 <qpm>   freenode:<Erkan_Yilmaz> 2. and how did you verify that it was really those users and not someone mimicking them ?
Mar 06 19:42:47 <Jeremy_Rand>   Erkan_Yilmaz: by the time 0.12.0 rc2 was tagged, I was the only one who had posted Gitian hashes of rc1
Mar 06 19:43:05 <Jeremy_Rand>   At which point I stopped reminding them, since it would have been obsolete
Mar 06 19:43:47 <Jeremy_Rand>   Erkan_Yilmaz: Gitian has a nice signature system, so if you have the GPG pubkeys of the various developers, Gitian can automatically verify that the build is trustworthy and tell you who reproduced the hashes
Mar 06 19:44:17 <qpm>   freenode:<Erkan_Yilmaz> I see
Mar 06 19:44:19 <Jeremy_Rand>   Bitcoin has the GPG pubkeys of the Gitian signers in their repo; we should probably do so as well
Mar 06 19:45:07 <qpm>   freenode:<cassiniNMC> ACK
Mar 06 19:46:02 <Jeremy_Rand>   cassiniNMC: are you ACKing posting binaries when 1 dev has posted Gitian sigs, or are you ACKing putting GPG pubkeys of the devs in the GitHub repo?
Mar 06 19:46:27 <qpm>   freenode:<cassiniNMC> both
Mar 06 19:46:29 <Jeremy_Rand>   ok
Mar 06 19:46:54 <Jeremy_Rand>   sounds good

So, opinions on the following policy?

  1. 1 Gitian signature from a developer is sufficient to upload a binary, with a warning that it doesn't have enough signatures to be considered reliably reproducible.
  2. 3 Gitian signatures from developers are sufficient to remove the aforementioned warning.
  3. If a current release does not have at least 3 Gitian signatures, then the newest prior release that does have at least 3 Gitian signatures will also be listed.
  4. All of the above provisions are temporary, and should be reviewed for continuing necessity before the end of 2016.
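
As an added illustration (not part of this issue or of the namecoin-core repository), a small Python script that applies the four-point policy above to a set of Gitian assert files: it parses each signer's out_manifest, discards any assert whose GPG signature did not verify against the developer pubkeys kept in the repo (the impersonation concern raised in the meeting), counts how many verified signers agree on one set of hashes, and derives the upload status and the release list. Signer names, file names, hashes and version labels are constructed sample values, and the `verified` flags stand in for the result of running `gpg --verify` on each `.assert.sig`.

```python
import re
from collections import Counter

MIN_SIGS_TO_UPLOAD = 1   # item 1: enough to upload, but the binary carries a warning
MIN_SIGS_FULL = 3        # item 2: enough to drop the warning
HASH_LINE = re.compile(r"^\s+([0-9a-f]{64})\s+(\S+)\s*$")  # "<sha256>  <file>" manifest line

def parse_out_manifest(assert_text):
    """Return {filename: sha256} from the out_manifest block of a Gitian .assert file."""
    files, in_block = {}, False
    for line in assert_text.splitlines():
        if line.startswith("out_manifest:"):
            in_block = True
        elif in_block and (m := HASH_LINE.match(line)):
            files[m.group(2)] = m.group(1)
        else:
            in_block = False   # any other top-level key ends the block
    return files

def agreeing_signers(asserts, verified):
    """asserts: {signer: assert text}; verified: {signer: bool}, the outcome of
    'gpg --verify <signer>.assert.sig' against the pubkeys kept in the repo.
    Unverified signers are ignored, so an impersonator cannot add a signature."""
    manifests = {s: parse_out_manifest(t) for s, t in asserts.items() if verified.get(s)}
    manifests = {s: tuple(sorted(m.items())) for s, m in manifests.items() if m}
    if not manifests:
        return {}, []
    consensus = Counter(manifests.values()).most_common(1)[0][0]
    return dict(consensus), sorted(s for s, m in manifests.items() if m == consensus)

def upload_status(n_sigs):
    if n_sigs >= MIN_SIGS_FULL:
        return "upload"
    return "upload-with-warning" if n_sigs >= MIN_SIGS_TO_UPLOAD else "withhold"

def releases_to_list(sig_counts):
    """sig_counts: [(version, n_sigs), ...] newest first. Item 3: when the newest
    release has fewer than 3 signatures, also list the newest prior one that has 3."""
    newest, n = sig_counts[0]
    listed = [(newest, upload_status(n))] if n >= MIN_SIGS_TO_UPLOAD else []
    if n < MIN_SIGS_FULL:
        listed += [(v, "upload") for v, k in sig_counts[1:] if k >= MIN_SIGS_FULL][:1]
    return listed

# Constructed sample: three verified signers, one of whom produced a different
# binary, plus an assert from "fake" whose signature did not verify.
GOOD = "a" * 64
ASSERT = "---\nout_manifest: |\n  {h}  namecoin-0.12.0-linux64.tar.gz\nin_manifest: |\n"
SAMPLE_ASSERTS = {"dev1": ASSERT.format(h=GOOD), "dev2": ASSERT.format(h=GOOD),
                  "dev3": ASSERT.format(h="b" * 64), "fake": ASSERT.format(h=GOOD)}
SAMPLE_VERIFIED = {"dev1": True, "dev2": True, "dev3": True, "fake": False}
```

With the sample data only dev1 and dev2 agree on the consensus hash, so the release would be uploaded with the warning, and the newest prior release carrying three signatures would be listed alongside it.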

JeremyRand commented 8 years ago

@josephbisch, @jonasbits, @midnightmagic, @ryancdotorg, do you think the above would be helpful, or would it make more sense to just pester the Gitian builders until they've built it? (I know I did a lousy job of pestering you for nc0.12.0rc1 :) )

midnightmagic commented 8 years ago

Ah, yes I like all this. ACK, as they say.

josephbisch commented 8 years ago

It would be nicer to have more than one Gitian signature required for the binary upload, but the binary upload may realistically never happen if we require more than one signature given there are only five potential people building here.

ACK

jonasbits commented 8 years ago

I will make an effort to try to build and sign with Gitian

JeremyRand commented 8 years ago

@brandonrobertz has joined the Namecoin Gitian club, so tagging him here to get his opinion.

That said, sounds like we have a pretty good consensus that the proposed rule changes are good. If Brandon agrees with the proposal as well, I'll add a note accordingly to the Release Process document.

brandonrobertz commented 8 years ago

Sounds good to me.