Sounds like laying the groundwork for a disinfo campaign when Chinese miners fork to a larger max blocksize. Sowing the seeds now to favor an adversarial mindset when it comes to plans coming from China.
Stop trolling.
This is actually one of the first things that I thought of when I read the warning. I would say the above is likely the case until questions like these, and questions about how this information was obtained can be answered. As of now all we have to go on is the word of someone who has zero reason to be trusted, and has many reasons to be distrusted.
Most major bitcoin entities will most likely be using custom software that is built from scratch anyway, so verifying the signatures of the blockstream core devs is mostly a moot point.
I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
Wait for version 0.14 or something? Is this a feasible solution?
If what is being described in the OP is true, then the attacker would simply wait for 0.14 to be released to infect their targets.
P.S. To my knowledge, since they are uploading the binaries on https://bitcoin.org, unless their SSL keys are not compromised there is no way of messing with the uploaded files, right?
No. An attacker can use different https keys, and use other means to trick a user into thinking that the https keys are correct. Or, an attacker can potentially steal the https keys from bitcoin.org, which, by design, must remain online at all times.
Is there no way of distributing a file more safely than uploading to bitcoin.org's server? For example, if the devs upload the file to Google Drive, wouldn't it be safer?
Google Drive would not be safer.