
> What damage are they afraid he will do with commit access?

A lot of people run Bitcoin Core directly from the github repo without checking the git commit signatures; someone who pushed a backdoored commit to that repo could easily steal funds.



> A lot of people run Bitcoin Core directly from the github repo without checking the git commit signatures; someone who pushed a backdoored commit to that repo could easily steal funds.

No one should be running Bitcoin Core from the repo without checking git commit signatures; not everyone whose account gets hacked will post on a blog rather than pushing underhanded but otherwise normal-looking commits to the repo - the 'we can prevent damage by revoking access because we saw a weird-looking blog post' is just a laughably bad excuse for a security practice.
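One way to apply the check this comment calls for, as an added example that is not from the thread or the project: a POSIX sh gate that consumes `git log --format='%G?|%GF|%H'` output and refuses to build unless every commit carries a good signature from an allowlisted key fingerprint. The fingerprints, commit hashes and sample log lines below are constructed placeholders, and the gate assumes the maintainers' public keys are already imported into the local gpg keyring so that git can report a status.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Input lines mirror `git log --format='%G?|%GF|%H'`:
#   %G?  signature status: G good, B bad, U good but untrusted key,
#        N no signature, E cannot check (e.g. key missing), X/Y/R expired or revoked
#   %GF  fingerprint of the key that made the signature
#   %H   commit hash
# Real use (assumed invocation):
#   git log --format='%G?|%GF|%H' origin/master..HEAD | verify_log && make

# Constructed allowlist of maintainer key fingerprints (placeholders, not real keys).
TRUSTED_FPRS="DEADBEEF00000001 DEADBEEF00000002"

# verify_log reads log lines on stdin and returns 0 only if every commit has
# status G and a signer in TRUSTED_FPRS. The first offending commit is reported
# on stderr; U, N, E, B and friends are all rejected, not just B.
verify_log() {
    while IFS='|' read -r status fpr hash; do
        [ -z "$hash" ] && continue
        if [ "$status" != "G" ]; then
            echo "REJECT $hash: signature status '$status' (need G)" >&2
            return 1
        fi
        case " $TRUSTED_FPRS " in
            *" $fpr "*) ;;   # signer is allowlisted
            *) echo "REJECT $hash: signer '$fpr' not in allowlist" >&2; return 1 ;;
        esac
    done
    return 0
}

# Constructed samples (placeholder hashes) for a stand-alone run.
SAMPLE_GOOD='G|DEADBEEF00000001|1111111111111111
G|DEADBEEF00000002|2222222222222222'
SAMPLE_UNSIGNED='G|DEADBEEF00000001|1111111111111111
N||3333333333333333'
SAMPLE_UNTRUSTED='G|CAFEBABE00000009|4444444444444444'

printf '%s\n' "$SAMPLE_GOOD" | verify_log && echo "good sample: accepted"
printf '%s\n' "$SAMPLE_UNSIGNED" | verify_log || echo "unsigned sample: rejected"
printf '%s\n' "$SAMPLE_UNTRUSTED" | verify_log || echo "untrusted signer: rejected"
```

Note that a commit signed by a key that is merely valid but not allowlisted is rejected too, which is the point: a good signature proves possession of some key, not that the key belongs to a maintainer.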


> A lot of people run Bitcoin Core directly from the github repo without checking the git commit signatures

What? Why?


Same reason people do curl | sudo bash


Yeah right, from someone who has been waiting to attack Gavin.


When you posted your tweet, what were you talking about? Why did you say his repo access had been altered?


Like someone wouldn't notice it in two seconds.


Commit signatures do nothing to verify that his device wasn't hacked, it just verifies that someone got access to his key. Geeze this is just stupidity all the way down.


In addition to having the access keys to github, it also requires access to the secret in the pgp key which gives you identity proof. Ideally that's password protected too.

It's defense in depth.


That password is potentially ten lines down in the keylogger report. Depth isn't as deep as you think.


If you were actually concerned about someone being compromised why wouldn't you make a new account for Gavin and give him a new password?

This looks like an obvious attempt at furthering your agenda by using a nonsense excuse to push Gavin out.

EDIT: I see downvotes but not a rebuttal.


How do you make sure the real Gavin gets the account? Why not just wait for things to clear out and then give him access again. And I guess he can still submit pull requests in case he needs to get a change in.


We aren't putting letters into bottles and throwing them into the ocean, they could video conference with each other easily.

This is all a facade from people who think everyone is dumb enough to believe them. It's like a child being caught with chocolate all over their face saying they didn't steal a candy bar.



