This seems to not solve the problem for a variety of reasons, probably most trivially if Bitcoin is compromised you can't use Bitcoin to check if Bitcoin is compromised, so you need other software to validate the chain.
Regarding this particular attack, isn't it addressed by reproducible builds?
If the bitcoin software binaries are being replaced by nefarious actors, the hashes would conflict by those generated by source compilation. Is there a reason this doesn't work?
No, that works fine, and Bitcoin Core uses reproducible builds signed by many different people. The post seems to be attempting to address the chain of trust of the PGP keys instead, but whether it succeeds at doing so is questionable. Certainly if a "blockstack id" can only be owned by one person, it's worse.
7 comments
[ 5.9 ms ] story [ 22.0 ms ] threadIf the bitcoin software binaries are being replaced by nefarious actors, the hashes would conflict by those generated by source compilation. Is there a reason this doesn't work?