Hi Ava,

Thanks for the answer and the additional information.

I think this is unclear to me if Peter himself was part of the discussion
amongst several members of the security list on re-examining if their 
presence
and the ones of others was still worthy on the list, be it online or 
offline.

I fully understrand this is a kind of conversation which certainly does not
warrant to be public, and I mostly agree with that. Yet I believe it's 
ethically
bordeline to not invite someome to express its own viewpoint in asking to be
removal of its own access, especially in a project that aims to be 
decentralized
and a technnical meritocracy (-- I believe an ideal we aspire all).

Beyond, and forgive the expression if it's a bit rude, I believe it's a bit 
"naive",
"short-sighted" as a position of the members of the security list, with 
whatever
level of true consensus such removal has being done (-- and I'm not aware 
there
was operational security emergency that justified such removal).

"Naive", as saying this is the _Bitcoin Core_ project list only can only 
provoke blind
spot among the list members if the security issues are either affecting old 
part of
the codebases that younger members have less experiences with (some parts 
like consensus
or block-relay are modified only every 5 years) or novel factors from 
upstream or downstream
(e.g the internet networking stack or implications on deployed contract 
protocols like
lightning). On both the former and latter criterias, I think Peter overly 
meets the bar.

"Short-sighted", as it's making the members of the security list both party 
and arbiter
of appreciating what is an _active_ contributor among themselves (all in a 
very ethically
bordeline fashion). In my experience with lightning over the past years, 
with discovering
more and more issues which in fact that arises from imperfect interfacting 
with the base-layer,
I was progressively lead to spend more and more time on the core side as it 
was natural to
have things fixed thhere (or at least advocate so). Of course, I was in 
consequence less active
on the lighting development day-to-day side. Did it make be less competent 
to be responsive when
issues affected lighting ? I don't believe so (though obviously I'll let 
other lightning experts
corroborate or infirm this self-cogtratulory statement of mine).

Same for Peter, if he had make the choices to consencrate its open-source 
time on more long-term
things like transaction denial-of-service vectors or analyzing new 
consensus changes proposals
(whatever the long-erm outcome, R&D is a stochastic process -- his track 
records with things like
bip65 shall give him a positive presumption)

I think as a community to give such cultural margin to do so, even if it's 
as the trade-off of
less review on day-to-day core things with a more reduced global scope like 
the gui or the wallet.

When you've big sh*t hitting the fan like inflation bugs or level DB 2013 
unexpected fork you
prefer have experts with a decade of experience to collaborate with, and 
sharing the same cultural
and ethical norms of the active contributors evaluated by numbers on 
commits on the last single-digit
years.

I'll repropose Peter admission on the security list mailing list in the 
coming weeks by opening an
issue on the bitcoin-meta repository, once this current mailing list thread 
has slowed down a bit,
or at least the technical analysis has been dissociated from the 
proceedings which have all been
bundle in a big message. In my very personal opinion, I still trust more 
Peter competence and experience
than some other people I know who are on the security mailing list.

All that said I appreciate your answer and I'm satisfied from the personal 
role you've have played
in the matter with, and be reassured I'll keep you among the recipient of 
future security issues with
a potential impact on bitcoin core that I might find or be aware off.

Best,
Antoine
ots hash: db441b51684ad3a6897f67d42c74ccfcb9a4ffed40d4bdbe30a2edd867ccdd54

Le samedi 20 juillet 2024 à 01:50:25 UTC+1, Ava Chow a écrit :

> On 07/19/2024 07:58 PM, Antoine Riard wrote:
> > As said in one my previous email, I'm still curious about achow101 
> > explaining publicly
> > why you have been kicked-out of the bitcoin-security mailing list, when 
> > you were certainly
> > more senior than achow101 in matters of base-layer security issues or 
> > even hard technical
> > issues like consensus interactions (e.g bip65). I'll re-iterate my 
> > respect towards achow101
> > as a maintainer from years of collaboration, though this is a topic 
> > worthy of an answer.
>
> I am not the one that removed Peter from the mailing list, nor do I even 
> have the login(s) to do so.
>
> There was a discussion amongst several members of the security list 
> about who was on the list, and who should be on the list. Given that the 
> security list is the _Bitcoin Core_ security list, we determined that 
> the people who should be on the list are people who still actively 
> contribute to the project. As Peter Todd no longer actively contribute 
> code nor code review to the project, we decided that it didn't make 
> sense to continue to have him on the list.
>
> My recollection is that multiple other people were removed from the list 
> for the same reason at the same time.
>
> Ava
>
>

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn%40googlegroups.com.