> A lot of people run Bitcoin Core directly from the GitHub repo without checking the git commit signatures; someone who pushed a backdoored commit to that repo could easily steal funds.
No one should be running Bitcoin Core from the repo without checking git commit signatures; not everyone whose account gets hacked will post on a blog rather than pushing underhanded but otherwise normal-looking commits to the repo - the 'we can prevent damage by revoking access because we saw a weird looking blog post' is just a laughably bad excuse for a security practice.
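One way to do the signature check discussed above before building from a checkout, as an added example that is not part of the original comment and is not Bitcoin Core's own tooling. It accepts a commit only when GnuPG reports a good signature from a pinned primary-key fingerprint, since a "good signature" from any key that happens to be in the keyring proves nothing. The function names and the fingerprint are constructed placeholders; pin the fingerprints you have verified out of band.

```shell
#!/bin/sh
# Constructed placeholder: space-separated full (40 hex digit) primary-key
# fingerprints that are allowed to sign commits. Replace with verified values.
TRUSTED_FPRS="0123456789ABCDEF0123456789ABCDEF01234567"

# sig_is_trusted STATUS_TEXT  (hypothetical helper)
# STATUS_TEXT is GnuPG status output as printed by `git verify-commit --raw`.
# Succeeds only if the signature is good, not from an expired or revoked key,
# and the primary-key fingerprint (last VALIDSIG field) is pinned.
sig_is_trusted() {
    printf '%s\n' "$1" | awk -v trusted="$TRUSTED_FPRS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) pin[t[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # Fails closed if the GnuPG build omits the primary-key field.
        $2 == "VALIDSIG" && ($NF in pin) { pinned = 1 }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_commit REV  (hypothetical helper)
# --raw writes the status lines to stderr, so capture only that stream.
verify_commit() {
    status=$(git verify-commit --raw "$1" 2>&1 >/dev/null) || return 1
    sig_is_trusted "$status"
}

# Stand-alone use: sh check-commit.sh HEAD && make
if [ $# -gt 0 ]; then
    verify_commit "$1" || { echo "refusing to build: $1 is not signed by a pinned key" >&2; exit 1; }
fi
```

An unsigned commit, a bad signature, and a valid signature from an unpinned key all end in the same refusal.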