On Thu, Apr 18, 2013 at 06:07:23AM +0000, John Dillon wrote:
> Gavin do you actually agree with Mike on this stuff like he implies?
> Because if you do, I think people should know. Myself I wouldn't want
> to be contributing to your salary as a foundation member if you don't
> take Bitcoin security seriously.

FWIW Gavin has spent quite a bit of time and effort ensuring that
Bitcoin is resistent to DoS attacks, as well as spearheading a move
towards better testing. The latter in particular is helpful against
chain-forking bugs, so better testing is very much a security issue. He
also spearheaded P2SH, and the current efforts to get a payment protocol
implemented. I'm less convinced about his stance against attackers that
pose a threat to the system as a whole, but it's not fair to accuse him
of not taking security seriously.

> Strict replacement by fee should be written so it can be tested
> properly and people in the Bitcoin ecosystem use proper security
> practices with regard to unconfirmed transactions. I'm willing to
> pledge $500USD to anyone who implements it. That is write the core
> functionality that does replacement by fee, and a simple 'undo' RPC
> command. I would do it myself but my programming is rusty.

You should clarify if you want this patch to compute fees recursively or
not, IE, should the patch include fees paid by child transactions in how
it computes the total fee the transaction pays. Doing this is
non-trivial, although Luke-Jr has written a patch to do this without
replacement: https://github.com/bitcoin/bitcoin/pull/1647

Also, clarify if you want unit-tests and similar things included in the
implementation.

-- 
'peter'[:-1]@petertodd.org