Gloria Zhao became a Bitcoin Core maintainer

Big news recently in Zcash’s upstream codebase: Gloria Zhao (glozow) was added to trusted-keys on 2022-07-07, thus making her a Bitcoin Core maintainer.

By happenstance, this occurred when Pieter Wuille (sipa) stepped down from maintainership.

Naturally, I want to know what someone in such a responsible position thinks about important issues. On one of the most important subjects, I notice something that Gloria wrote for Blockchain at Berkeley while she was still an undergrad at U.C. Berkeley:

So, her influences include Edward Snowden, Virgil, Bruce Schneier, and Julian Assange. I like her way of thinking.

“Privacy and censorship resistance should be the default. We can’t keep measuring technologies or applications based on how convenient they are or how cheap they are.
We need to start thinking about how private they are.” – Gloria Zhao [source]

Who pays?

After she graduated, Gloria entered a fellowship at Brink—a paid full-time position working on Bitcoin Core—supported by grants from the Human Rights Foundation and from Jack Dorsey’s Square Crypto (now Spiral). As I have repeatedly observed, developers need to be paid somehow; and all of Bitcoin Core, including Zcash’s foundational upstream codebase, is MIT-licensed code funded by grants from businesses, nonprofits, and altruistic individuals.

Food for thought: Bitcoin Core’s funding is decentralized. No one party holds the purse strings—nobody can exercise financial control of the whole process, or even of a too-large proportion of it. The people who pay, choose to pay because they expect results. The results: The reference node is a well-maintained masterpiece of world-class financial software engineering, the ecosystem is thriving—and even in a deep bear market, BTC is still up about 23x over its price at the beginning of 2017.

When I want to succeed, I learn from success.

This is crypto.

Since she started full-time work on Bitcoin Core, Gloria has established herself as an expert in mempool policy and transaction propagation, contributed code, and participated in code reviews. And now, her PGP key has been entrusted with maintainership responsibilities:

Trusting PGP keys means not trusting GitHub, not trusting GitHub accounts, not trusting passwords/2FA and other insecure nonsense.

This is a part of the security process assuring the integrity of software that’s ready for trillion-dollar financial usage. This is the magic of crypto:


As an aside, I advocate a strict policy of PGP signatures, enforced by automated scripts. That is called using crypto. Bitcoin and PGP share DNA, so I’m not surprised that Bitcoin Core engineered a secure development process with a cryptographically verifiable audit trail (not to mention that Bitcoin Core was a pioneer in the practice of reproducible builds). Especially in defi and smart contract chains, I am stunned to see “crypto” codebases proliferating from developers who seem never even to have heard of crypto; any project that lacks a cryptographically authenticatable audit trail of commits is not ready for high-value financial usage, or any sane usage. And I never trust as credible the “crypto” opinions of anyone who doesn’t use PGP.

My motto: If you don’t do PGP, you don’t do crypto!
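The kind of automated check described above, as an added example that is not part of the original post and is not Bitcoin Core's own tooling: a shell function reads the GnuPG status lines printed by `git verify-commit --raw` and accepts a commit only when the signer's primary-key fingerprint is on an allow-list file. The function names, fingerprints and sample status lines are constructed for illustration, and rejecting expired or revoked keys outright is a policy choice assumed here.

```shell
#!/bin/sh
# Added example (not Bitcoin Core's own script): accept a commit only if it
# carries a valid PGP signature from a key on an explicit allow-list.

# signer_is_trusted TRUSTED_FILE < gpg-status-lines
# TRUSTED_FILE holds one uppercase primary-key fingerprint per line.
signer_is_trusted() {
    trusted_file=$1
    status=$(cat)
    # Any of these status lines means gpg did not accept the signature or key.
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi
    # VALIDSIG field 12 is the primary-key fingerprint (field 3 may be a subkey).
    fpr=$(printf '%s\n' "$status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && NF >= 12 { print $12; exit }')
    [ -n "$fpr" ] || return 1          # unsigned commit or key gpg does not know
    grep -v '^#' "$trusted_file" | grep -Fxq -- "$fpr"
}

# verify_range TRUSTED_FILE REV_RANGE: check every commit in the range.
verify_range() {
    rc=0
    for c in $(git rev-list "$2"); do
        # --raw sends the machine-readable gpg status lines to stderr.
        if git verify-commit --raw "$c" 2>&1 | signer_is_trusted "$1"; then
            echo "ok   $c"
        else
            echo "FAIL $c"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample data (fingerprints are made up, not real keys).
SAMPLE_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SAMPLE_SUBKEY=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
SAMPLE_VALID="[GNUPG:] VALIDSIG $SAMPLE_SUBKEY 2022-07-07 1657152000 0 4 0 1 10 00 $SAMPLE_KEY"
SAMPLE_OTHER="[GNUPG:] VALIDSIG $SAMPLE_SUBKEY 2022-07-07 1657152000 0 4 0 1 10 00 $SAMPLE_SUBKEY"

# Run against a real repository when called as: script TRUSTED_FILE REV_RANGE
if [ "$#" -eq 2 ]; then verify_range "$1" "$2"; fi
```

The decision depends only on the signature and the local allow-list, so a commit pushed from a compromised hosting account but signed by a key that is not listed fails the check.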

This is important for any software:

Gloria gets crypto—I mean, the practice of applied cryptography. Bitcoin Core welcomes her to trusted-keys. :smiley_cat:

(Image source: Gloria Zhao.)