drwasho · August 29, 2015 14:08
diff --git a/drwashosig_OpenBazaar b/drwashosig_OpenBazaar
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256

 Migration of our project funds to a multisig address.
 =====================================================

 We, the undersigned core developers of OpenBazaar, have decided with consensus
 on the following on November 4th, 2014:

 Because of the facts that:

 (1) Developers can be malicious

 Our threat model involves powerful agents at play. These can include malicious
 governments who have the ability to issue secret warrants legally requiring
 developers to take certain actions. We therefore follow a trust-but-verify
 model in all our development process. As such, certain developers of the
 project may in the future be legally required to perform actions that they do
 not agree with, without the ability to communicate this fact to others. Through
 multisig, we are requiring at least one more developer to perform a check on
 financial decisions as a safety-net.

 (2) Mistakes happen

 We are human and often make mistakes. This can include lost wallet keys,
 or destroyed laptops. Multisig will allow us to migrate our funds in case one
 developer loses their keys.

 We also sometimes make transactions that may be incorrect. A second pair of
 eyes is good to make sure we don't burn our funds or we don't send them to the
 wrong third party.

 (3) Developers can become unavailable

 Developers may become unavailable for various reasons such as accident or
 death. We do not want to depend on one individual for all our funds. In case of
 unavailability, multisig allows us to move our funds to a new address.

 (4) Dictatorship is evil

 We take team decisions with consensus. However, sometimes consensus cannot be
 reached. We have never had this problem in our team yet, but it is bound to
 happen in the future. In cases where consensus cannot be reached, an individual
 developer should not have the power to act solely as a dictator and enforce
 their opinion. Multisig requires at least one more party to consent. This acts
 as a safety net.

 (5) Transparency is good

 We believe in a transparent development model. All our code is open source. We
 interact with the community through public chat on IRC, on a public subreddit,
 and in forums, all viewable by anyone. We plan features and submit bug reports
 through GitHub issues, which are public. Anyone is able to criticize us through
 these channels directly, even pseudonymously.

 As of Beta 3, we are also making all all-hands developer video calls publicly
 available through live streaming, and they are recorded for future reference.
 We wish to be held accountable for our actions, and we invite the criticism of
 the community.

 In this direction, as we are funded through donations, we believe the public
 should know exactly how much money we have and where and when exactly it is
 spent. By publishing our multisig address, we submit our financial records to
 public scrutiny.

 Now, therefore, we are announcing the following:

 (1) Ownership of public keys

 Each of us controls one of the following public bitcoin keys. We are
 providing bitcoin signatures as proof that we are in control of each.


 Brian Hoffman:

 *Address*: 12khSGHCvJoB7d5evWykvgeJVdYtSgAaxo
 *Uncompressed Pubkey*:
 04b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd3985
 *Message*: This is Brian and I own 12khSGHCvJoB7d5evWykvgeJVdYtSgAaxo
 *Signature*:
 IHb6uWPR1mGxl85YDfPN1trD6ybLeeH0FotTWrUr2W+lcDLiM5iXompDaMJxFg3MwFQpto5cInFrPyooFw+/60I=

 Sam Patterson:

 *Address*: 19xZbcnF9HB3ycfFJmQS5Gr7eJ7riJKrWc
 *Uncompressed Pubkey*:
 047AA4C9652BEB1A01B351CC212391168C11E192E25A88AF79A422C4F83CBC7ED0BB5632C87547C45525167A8C814AFC29C7FFE44157547DC21B193AC714B4BA06
 *Message*: This is Sam. I own 19xZbcnF9HB3ycfFJmQS5Gr7eJ7riJKrWc and will use
 it for the OpenBazaar multisignature fund.
 *Signature*:
 IIKNFBcUu9OQ/L+bv/liAMMPBJHC70Y9bpzUsscW7C3FloC7uw5QH1UJUdN1AR50kuIAikB9mZkvZKcTGvDzDYk=


 Washington Sanchez:

 *Address:* 19fQbq6egzREyDSt8R1zGPAFoR1THWSV4g
 *Uncompressed Pubic Key:*
 0420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d207
 *Message:* This is Washington, confirming that I own this address.
 *Signature:*
 Gx9lga0zuYcJk8dhXq3Wb0Nsy5tXohJusUoIw7pm9ZytrGC6wD8zfwS4K4f+sRqdWE2s9kyv9Wd5q0Fl//HY1AE=


 Dionysis Zindros:

 *Address:* 1HA6tFUGQrzrwGDDVp9dHivNRyhuT37dCh
 *Uncompressed Public Key:*
 046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb8
 *Message:* This is Dionysis Zindros, confirming that I own this address.
 *Signature:*
 HI9Bc8o/pyKmowG9cRL47Zt4ylYIJOxQnvSB4AF7FaNCHVz+hA6jowsDppAIKwLX9FMrxBqiGnhgpc/68G2t+uM=

 We invite the public to verify our signatures above.

 (2) Multisig address migration

 We are designating the following 2-of-4 multisig address for the storage of
 OpenBazaar funds:

 3MXYUBLWNETa5HTewZp1xMTt7AW9kbFNqs

 The address is constructed with the above 4 public keys. We invite the public
 to check that the multisig address is a 2-of-4 address and that it is
 constructed using the above 4 public keys. For verification purposes, the
 bitcoin script is given below:

 524104b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd398541047aa4c9652beb1a01b351cc212391168c11e192e25a88af79a422c4f83cbc7ed0bb5632c87547c45525167a8c814afc29c7ffe44157547dc21b193ac714b4ba06410420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d20741046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb854ae

 (3) Mandatory transparency

 We have transfered all our funds to the multisig address and published it
 to be used for donations. While we still have access to our old donations
 address for donations coming from people who have stored it, we will be
 using the new address for all donation purposes from now on. Any funds
 donated to the old address will be immediately transfered to the multisig
 address.

 We will make all our organizational payments directly from our multisig
 address. We vow to publish the following information for every transaction
 originating from our project multisig address from now on:

 * The recipient bitcoin address
 * The date of the transaction
 * The recipient actual name or company name
 * The reason for the expenses

 In case of conversion to fiat currency, we will state the above data for the
 recipient of the converted fiat currency.

 We invite the public to verify our GPG signatures on the above announcement.

 Brian Hofmann, Project Lead
 Sam Patterson, Operations Lead
 Washington Sanchez, Research Lead
 Dionysis Zindros, Trust & Identity Developer
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2

 iQIcBAEBCAAGBQJUWtYEAAoJEOB4yK6/8jLPArMP/2AP/gYlBIpnGQpoAVaAUuwa
 SV50mUL6ltomji3zH6ycWuhaWwNXDMq+0D1CXNG0pVEfK2wZl3uGKjnc7YB8/ZHl
 P6m3LdMYXMMZ8gxIoWM+dK5U4AaWPMJalQMIB/CANW4b3z9Uoi+802GvCAGMPsQF
 QhlHfpTLWOwCgVlmNTSBPdxrGzhob2jAECQZpMCtnBOKy12E4XRKGQZVILqIvtww
 HhMjk4ktcbmMwJhnmoLJZ3OZlvfidzPWvivh6EYpFmBgSnk1of0G46Ez5LoAuVlZ
 oj9P0OXGkU5a96xW349WSaHJPOL1L12dBsWDdGI8PVeeNhlAM/cLsRODMHJAoKLO
 vrlYXZuP8qELt6hvO90289AQCpEDtsH9PBkiAj54HEVaRjTghk203WPVJnCyNhlR
 t3T3/uc5MgucZ56bm/mvbMY0h36XIIzmGq+fBZRxVvcrJ1J2w/Xy0Nmk043zW3qZ
 Bwakw9f4PZioHiuUYqCbZpsXlSpTfzoBtxWFiCkKDxAaKpy0rQpme9YXQtcvtZo0
 VS86t4R6MLHVWFsTjFn1BFsBX3iFpwevtSN90fLGOlqKtSKduqoyclIfbYNpaKIk
 DfUBC0ObF6OjcuaHlY/5IIGt3Mark7AH7qJ0KNsu/8XSrCZNZIMCwq6XjW33JY+c
 dTh5frSEMaxQoZ9p1Pk2
 =X9RX
 -----END PGP SIGNATURE-----
	-----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA256

	Migration of our project funds to a multisig address.
	=====================================================

	We, the undersigned core developers of OpenBazaar, have decided with consensus
	on the following on November 4th, 2014:

	Because of the facts that:

	(1) Developers can be malicious

	Our threat model involves powerful agents at play. These can include malicious
	governments who have the ability to issue secret warrants legally requiring
	developers to take certain actions. We therefore follow a trust-but-verify
	model in all our development process. As such, certain developers of the
	project may in the future be legally required to perform actions that they do
	not agree with, without the ability to communicate this fact to others. Through
	multisig, we are requiring at least one more developer to perform a check on
	financial decisions as a safety-net.

	(2) Mistakes happen

	We are human and often make mistakes. This can include lost wallet keys,
	or destroyed laptops. Multisig will allow us to migrate our funds in case one
	developer loses their keys.

	We also sometimes make transactions that may be incorrect. A second pair of
	eyes is good to make sure we don't burn our funds or we don't send them to the
	wrong third party.

	(3) Developers can become unavailable

	Developers may become unavailable for various reasons such as accident or
	death. We do not want to depend on one individual for all our funds. In case of
	unavailability, multisig allows us to move our funds to a new address.

	(4) Dictatorship is evil

	We take team decisions with consensus. However, sometimes consensus cannot be
	reached. We have never had this problem in our team yet, but it is bound to
	happen in the future. In cases where consensus cannot be reached, an individual
	developer should not have the power to act solely as a dictator and enforce
	their opinion. Multisig requires at least one more party to consent. This acts
	as a safety net.

	(5) Transparency is good

	We believe in a transparent development model. All our code is open source. We
	interact with the community through public chat on IRC, on a public subreddit,
	and in forums, all viewable by anyone. We plan features and submit bug reports
	through GitHub issues, which are public. Anyone is able to criticize us through
	these channels directly, even pseudonymously.

	As of Beta 3, we are also making all all-hands developer video calls publicly
	available through live streaming, and they are recorded for future reference.
	We wish to be held accountable for our actions, and we invite the criticism of
	the community.

	In this direction, as we are funded through donations, we believe the public
	should know exactly how much money we have and where and when exactly it is
	spent. By publishing our multisig address, we submit our financial records to
	public scrutiny.

	Now, therefore, we are announcing the following:

	(1) Ownership of public keys

	Each of us controls one of the following public bitcoin keys. We are
	providing bitcoin signatures as proof that we are in control of each.


	Brian Hoffman:

	Address: 12khSGHCvJoB7d5evWykvgeJVdYtSgAaxo
	Uncompressed Pubkey:
	04b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd3985
	Message: This is Brian and I own 12khSGHCvJoB7d5evWykvgeJVdYtSgAaxo
	Signature:
	IHb6uWPR1mGxl85YDfPN1trD6ybLeeH0FotTWrUr2W+lcDLiM5iXompDaMJxFg3MwFQpto5cInFrPyooFw+/60I=

	Sam Patterson:

	Address: 19xZbcnF9HB3ycfFJmQS5Gr7eJ7riJKrWc
	Uncompressed Pubkey:
	047AA4C9652BEB1A01B351CC212391168C11E192E25A88AF79A422C4F83CBC7ED0BB5632C87547C45525167A8C814AFC29C7FFE44157547DC21B193AC714B4BA06
	Message: This is Sam. I own 19xZbcnF9HB3ycfFJmQS5Gr7eJ7riJKrWc and will use
	it for the OpenBazaar multisignature fund.
	Signature:
	IIKNFBcUu9OQ/L+bv/liAMMPBJHC70Y9bpzUsscW7C3FloC7uw5QH1UJUdN1AR50kuIAikB9mZkvZKcTGvDzDYk=


	Washington Sanchez:

	Address: 19fQbq6egzREyDSt8R1zGPAFoR1THWSV4g
	Uncompressed Pubic Key:
	0420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d207
	Message: This is Washington, confirming that I own this address.
	Signature:
	Gx9lga0zuYcJk8dhXq3Wb0Nsy5tXohJusUoIw7pm9ZytrGC6wD8zfwS4K4f+sRqdWE2s9kyv9Wd5q0Fl//HY1AE=


	Dionysis Zindros:

	Address: 1HA6tFUGQrzrwGDDVp9dHivNRyhuT37dCh
	Uncompressed Public Key:
	046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb8
	Message: This is Dionysis Zindros, confirming that I own this address.
	Signature:
	HI9Bc8o/pyKmowG9cRL47Zt4ylYIJOxQnvSB4AF7FaNCHVz+hA6jowsDppAIKwLX9FMrxBqiGnhgpc/68G2t+uM=

	We invite the public to verify our signatures above.

	(2) Multisig address migration

	We are designating the following 2-of-4 multisig address for the storage of
	OpenBazaar funds:

	3MXYUBLWNETa5HTewZp1xMTt7AW9kbFNqs

	The address is constructed with the above 4 public keys. We invite the public
	to check that the multisig address is a 2-of-4 address and that it is
	constructed using the above 4 public keys. For verification purposes, the
	bitcoin script is given below:

	524104b3fae54a761c71d38df081cddb75b6306306d8e83338e9b748a02d4978ef48d356ec7fb4155bc819767ed90d56a0dccab185b9bf3d52027cdc226b611ddd398541047aa4c9652beb1a01b351cc212391168c11e192e25a88af79a422c4f83cbc7ed0bb5632c87547c45525167a8c814afc29c7ffe44157547dc21b193ac714b4ba06410420b86afc794ec3307bcf3becc94b30f672a17483581dd703a37956f60ba89cf77bc349fe7d9889f7ed609b14bc397fc4ae0196c8325e6acc4d2e95aceca4d20741046ca17a66be50dc0d0093d3ebbefb74ffbd69fae577dfa329f67444f3f99913708efa5f51ca27fd0509af26245c9d5526b620cb9d90ca9a4a0ef2e3e2fe0e2bb854ae

	(3) Mandatory transparency

	We have transfered all our funds to the multisig address and published it
	to be used for donations. While we still have access to our old donations
	address for donations coming from people who have stored it, we will be
	using the new address for all donation purposes from now on. Any funds
	donated to the old address will be immediately transfered to the multisig
	address.

	We will make all our organizational payments directly from our multisig
	address. We vow to publish the following information for every transaction
	originating from our project multisig address from now on:

	* The recipient bitcoin address
	* The date of the transaction
	* The recipient actual name or company name
	* The reason for the expenses

	In case of conversion to fiat currency, we will state the above data for the
	recipient of the converted fiat currency.

	We invite the public to verify our GPG signatures on the above announcement.

	Brian Hofmann, Project Lead
	Sam Patterson, Operations Lead
	Washington Sanchez, Research Lead
	Dionysis Zindros, Trust & Identity Developer
	-----BEGIN PGP SIGNATURE-----
	Version: GnuPG v2

	iQIcBAEBCAAGBQJUWtYEAAoJEOB4yK6/8jLPArMP/2AP/gYlBIpnGQpoAVaAUuwa
	SV50mUL6ltomji3zH6ycWuhaWwNXDMq+0D1CXNG0pVEfK2wZl3uGKjnc7YB8/ZHl
	P6m3LdMYXMMZ8gxIoWM+dK5U4AaWPMJalQMIB/CANW4b3z9Uoi+802GvCAGMPsQF
	QhlHfpTLWOwCgVlmNTSBPdxrGzhob2jAECQZpMCtnBOKy12E4XRKGQZVILqIvtww
	HhMjk4ktcbmMwJhnmoLJZ3OZlvfidzPWvivh6EYpFmBgSnk1of0G46Ez5LoAuVlZ
	oj9P0OXGkU5a96xW349WSaHJPOL1L12dBsWDdGI8PVeeNhlAM/cLsRODMHJAoKLO
	vrlYXZuP8qELt6hvO90289AQCpEDtsH9PBkiAj54HEVaRjTghk203WPVJnCyNhlR
	t3T3/uc5MgucZ56bm/mvbMY0h36XIIzmGq+fBZRxVvcrJ1J2w/Xy0Nmk043zW3qZ
	Bwakw9f4PZioHiuUYqCbZpsXlSpTfzoBtxWFiCkKDxAaKpy0rQpme9YXQtcvtZo0
	VS86t4R6MLHVWFsTjFn1BFsBX3iFpwevtSN90fLGOlqKtSKduqoyclIfbYNpaKIk
	DfUBC0ObF6OjcuaHlY/5IIGt3Mark7AH7qJ0KNsu/8XSrCZNZIMCwq6XjW33JY+c
	dTh5frSEMaxQoZ9p1Pk2
	=X9RX
	-----END PGP SIGNATURE-----