* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
@ 2021-10-20 21:50 Andrew Chow
0 siblings, 0 replies; 13+ messages in thread
From: Andrew Chow @ 2021-10-20 21:50 UTC (permalink / raw)
To: bitcoin-dev
On 10/20/2021 03:20 PM, Owen Gunden via bitcoin-dev wrote:
> I also notice that, as of 22.0, Wladimir is no longer signing the
> releases, and I have no trust in my gpg network of the people who seem
> to have replaced him.
It is signed with his personal key, as well as the personal keys of
several other developers.
> Given the level of security at stake here, my eyebrows are raised at
> this combination of items changing (new website + new gpg signers at the
> same time).
bitcoincore.org has been Bitcoin Core's official website for several
years. Binaries have not been posted to bitcoin.org by the release
maintainer for several major releases. The only reason they are still
available there is because bitcoin.org's maintainer mirrors them.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-11-05 14:45 ` yanmaani
2021-11-08 3:02 ` ZmnSCPxj
@ 2021-11-09 12:49 ` Prayank
1 sibling, 0 replies; 13+ messages in thread
From: Prayank @ 2021-11-09 12:49 UTC (permalink / raw)
To: Yanmaani; +Cc: Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 6823 bytes --]
Hi Yanmaani,
> Unfortunately, this isn't really possible. If they did that, you could get consensus splits. This is why all the other stuff is so important - if Bitcoin is subverted via soft-fork, you *can't* just run your own fork.
I am aware of this problem however looking for solutions or workarounds. Is it possible to have one library for things related to consensus which is used by all full node implementations? There are lot of other things in any full node implementation apart from consensus related code.
> This is all about the money - it's easy to have people be independent when their source of money is independent. But nobody's crazy enough to bite the hand that feeds them, and you couldn't really build a system on that basis. Our best hope is gentle hands, or contributors wealthy enough not to have to care.
Sorry neither I agree with this nor its "all about money" for me. I am assuming there are few others as well with similar thoughts.
I had shared few reasons why someone might contribute to Bitcoin Core: https://bitcoin.stackexchange.com/a/108017/
> Isn't Bitcoin already plenty distributed? Funding people in under-represented countries seems to me like a textbook exercise in 'box-ticking, but moreover, I'd frankly rather have reasonably well-off guys from Western Europe/America who have the financial backbone to not worry that much about attacks to their funding, than mercenaries who have to follow orders or get fired. Even if they're from West Uzbekistan.
Sorry I don't agree with this approach. Its not about 'box-ticking' textbook exercise but to make the attacks more difficult by any governments or people with malicious intent. Few years back when I was in college and Tor wasn't as famous as it is now, we used normal socks proxies for pentesting. My mentor Godzilla had suggested us to use IP of different countries not because it is some textbook exercise but it helps when someone tries to trace your requests. Similarly, if we have people from different countries in different full node implementations as maintainers it will be difficult for people to try crazy things.
> See above. Bitcoin Knots isn't really independent.
I understand there are other implementations like btcd, bcoin, gocoin, libbitcoin, bitcore etc. and Knots is a derivative of Core. However there are lot of differences and it changes your experience as a user while running node and using it for different things. I have mentioned few things in the medium post shared in last email.
> You could also look into a system like Monero's CCS.
Yes I like it and suggested once in bitcoin.org repository even though it can be done by anyone as there is no official website for Bitcoin: https://github.com/bitcoin-dot-org/Bitcoin.org/issues/3545
--
Prayank
A3B1 E430 2298 178F
Nov 5, 2021, 20:15 by yanmaani@cock•li:
> On 2021-11-05 08:17, Prayank via bitcoin-dev wrote:
>
>> What followed it (whitepaper being shared on different websites) was
>> true decentralization and we need something similar in other aspects
>> of full node implementations. Few things that can improve
>> decentralization:
>>
>> 1.More people using alternative full node implementations. Right now
>> 98% of nodes use Bitcoin Core.
>>
>
> Unfortunately, this isn't really possible. If they did that, you could get consensus splits. This is why all the other stuff is so important - if Bitcoin is subverted via soft-fork, you *can't* just run your own fork.
>
> Theoretically, I suppose you could run two implementations and do something if they differ, but what?
> 1. Bitcoin Core and <AltImpl> both say block is valid -> valid
> 2. Bitcoin Core and <AltImpl> both say block is invalid -> invalid
> 3. Bitcoin Core says valid, <AltImpl> says invalid -> valid (or get forked off)
> 4. Bitcoin Core says invalid, <AltImpl> says valid -> invalid (or hardfork)
>
>> 2.More people like Luke Dashjr and Amir Taaki who do not simp for
>> anyone. Being a contributor or maintainer in Bitcoin full node
>> implementation is different from other open source projects. It was
>> never going to be easy and it will get difficult with time,
>>
>
> This is all about the money - it's easy to have people be independent when their source of money is independent. But nobody's crazy enough to bite the hand that feeds them, and you couldn't really build a system on that basis. Our best hope is gentle hands, or contributors wealthy enough not to have to care.
>
> (Whatever happened to Amir Taaki, by the way?)
>
>> 3.More people from different countries getting involved in important
>> roles.
>>
>
> Isn't Bitcoin already plenty distributed? Funding people in under-represented countries seems to me like a textbook exercise in 'box-ticking, but moreover, I'd frankly rather have reasonably well-off guys from Western Europe/America who have the financial backbone to not worry that much about attacks to their funding, than mercenaries who have to follow orders or get fired. Even if they're from West Uzbekistan.
>
> (Maybe they need a union?)
>
>> 4.Few anons.
>>
>
> Gonna guess you mean "a few anons," not fewer anons.
>
> Again, problem is money. These days, nobody threatens anyone with anything substantive, like murder - the threats all involve cutting off some funding. So having anonymous people being funded by non-robust sources doesn't really buy you that much, because the weakest link will pretty much never be the de-jure, legal freedom of an individual.
>
> Having a system that allows people to fund anonymous people better would be interesting, but it has some challenges with trust and so on.
>
>> 5.Individuals and organizations who fund different Bitcoin projects
>> should consider contributing in alternative. full node implementations
>> as well. Maybe start with Bitcoin Knots.
>>
>
> See above. Bitcoin Knots isn't really independent. btcd in Go is, so I guess they could try that. But at the end of the day, it wouldn't help - btcd has to be bug-for-bug compatible with Core, and it couldn't really be any other way.
>
> For my $0.05, what's needed is more "hard money" - if people could make donations into a fund, with the fund then paying out to developers, and that fund be controlled in a civilized and non-centralized way (that's the hard part!), this would somewhat insulate developers from people threatening to stop their contributions to The Fund, at the price of having developers being able to be coerced by The Fund.
>
> You could also look into a system like Monero's CCS. But at the end of the day, funding is really a very difficult problem, no matter how you slice it. The money still has to enter the system somehow. Since Bitcoin is a public good, you can't really capture its value, and this means individuals who can (e.g. by malicious activity) will always have the leg up.
>
[-- Attachment #2: Type: text/html, Size: 8506 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-11-05 14:45 ` yanmaani
@ 2021-11-08 3:02 ` ZmnSCPxj
2021-11-09 12:49 ` Prayank
1 sibling, 0 replies; 13+ messages in thread
From: ZmnSCPxj @ 2021-11-08 3:02 UTC (permalink / raw)
To: yanmaani, Bitcoin Protocol Discussion; +Cc: Prayank
Good morning yanmaani,
> > 3.More people from different countries getting involved in important
> > roles.
>
> Isn't Bitcoin already plenty distributed? Funding people in
> under-represented countries seems to me like a textbook exercise in
> 'box-ticking, but moreover, I'd frankly rather have reasonably well-off
> guys from Western Europe/America who have the financial backbone to not
> worry that much about attacks to their funding, than mercenaries who
> have to follow orders or get fired. Even if they're from West
> Uzbekistan.
>
> (Maybe they need a union?)
>
> > 4.Few anons.
>
> Gonna guess you mean "a few anons," not fewer anons.
>
> Again, problem is money. These days, nobody threatens anyone with
> anything substantive, like murder - the threats all involve cutting off
> some funding. So having anonymous people being funded by non-robust
> sources doesn't really buy you that much, because the weakest link will
> pretty much never be the de-jure, legal freedom of an individual.
>
> Having a system that allows people to fund anonymous people better would
> be interesting, but it has some challenges with trust and so on.
<ZmnSCPxj coughs quietly in GMT+8 timezone>
On the other hand, one can argue that "ZmnSCPxj" at this point is a bonafide name (that happens to once have been simply a random sequence of letters) rather than an anonymous cover.
As to box-ticking: the simple fact of the matter is that smart humans will arise everywhere.
It is to the interest of Bitcoin users that more of thhem contribute to the success of Bitcoin.
The alternative by default is that smart people who became smart because they happened to start out with the disadvantage of having to fight tooth and claw in a bad environment will be quite willing to do anything, including attack Bitcoin, just to get out of such a situation.
Regards,
ZmnSCPxj
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-11-05 8:17 ` Prayank
2021-11-05 10:52 ` damian
@ 2021-11-05 14:45 ` yanmaani
2021-11-08 3:02 ` ZmnSCPxj
2021-11-09 12:49 ` Prayank
1 sibling, 2 replies; 13+ messages in thread
From: yanmaani @ 2021-11-05 14:45 UTC (permalink / raw)
To: Prayank, Bitcoin Protocol Discussion
On 2021-11-05 08:17, Prayank via bitcoin-dev wrote:
> What followed it (whitepaper being shared on different websites) was
> true decentralization and we need something similar in other aspects
> of full node implementations. Few things that can improve
> decentralization:
>
> 1.More people using alternative full node implementations. Right now
> 98% of nodes use Bitcoin Core.
Unfortunately, this isn't really possible. If they did that, you could
get consensus splits. This is why all the other stuff is so important -
if Bitcoin is subverted via soft-fork, you *can't* just run your own
fork.
Theoretically, I suppose you could run two implementations and do
something if they differ, but what?
1. Bitcoin Core and <AltImpl> both say block is valid -> valid
2. Bitcoin Core and <AltImpl> both say block is invalid -> invalid
3. Bitcoin Core says valid, <AltImpl> says invalid -> valid (or get
forked off)
4. Bitcoin Core says invalid, <AltImpl> says valid -> invalid (or
hardfork)
> 2.More people like Luke Dashjr and Amir Taaki who do not simp for
> anyone. Being a contributor or maintainer in Bitcoin full node
> implementation is different from other open source projects. It was
> never going to be easy and it will get difficult with time,
This is all about the money - it's easy to have people be independent
when their source of money is independent. But nobody's crazy enough to
bite the hand that feeds them, and you couldn't really build a system on
that basis. Our best hope is gentle hands, or contributors wealthy
enough not to have to care.
(Whatever happened to Amir Taaki, by the way?)
> 3.More people from different countries getting involved in important
> roles.
Isn't Bitcoin already plenty distributed? Funding people in
under-represented countries seems to me like a textbook exercise in
'box-ticking, but moreover, I'd frankly rather have reasonably well-off
guys from Western Europe/America who have the financial backbone to not
worry that much about attacks to their funding, than mercenaries who
have to follow orders or get fired. Even if they're from West
Uzbekistan.
(Maybe they need a union?)
> 4.Few anons.
Gonna guess you mean "a few anons," not fewer anons.
Again, problem is money. These days, nobody threatens anyone with
anything substantive, like murder - the threats all involve cutting off
some funding. So having anonymous people being funded by non-robust
sources doesn't really buy you that much, because the weakest link will
pretty much never be the de-jure, legal freedom of an individual.
Having a system that allows people to fund anonymous people better would
be interesting, but it has some challenges with trust and so on.
> 5.Individuals and organizations who fund different Bitcoin projects
> should consider contributing in alternative. full node implementations
> as well. Maybe start with Bitcoin Knots.
See above. Bitcoin Knots isn't really independent. btcd in Go is, so I
guess they could try that. But at the end of the day, it wouldn't help -
btcd has to be bug-for-bug compatible with Core, and it couldn't really
be any other way.
For my $0.05, what's needed is more "hard money" - if people could make
donations into a fund, with the fund then paying out to developers, and
that fund be controlled in a civilized and non-centralized way (that's
the hard part!), this would somewhat insulate developers from people
threatening to stop their contributions to The Fund, at the price of
having developers being able to be coerced by The Fund.
You could also look into a system like Monero's CCS. But at the end of
the day, funding is really a very difficult problem, no matter how you
slice it. The money still has to enter the system somehow. Since Bitcoin
is a public good, you can't really capture its value, and this means
individuals who can (e.g. by malicious activity) will always have the
leg up.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-11-05 8:17 ` Prayank
@ 2021-11-05 10:52 ` damian
2021-11-05 14:45 ` yanmaani
1 sibling, 0 replies; 13+ messages in thread
From: damian @ 2021-11-05 10:52 UTC (permalink / raw)
To: Prayank, Bitcoin Protocol Discussion
Good Afternoon,
Talk about the present and the future is misguided if it concludes that
the decentralisation of a project itself is responsible even if the
operation of the project is to produce a specification, and a software
capable of performing transactions in a decentralised manner. There is
no advantage or disadvantage to the project to have several choices of
the software implementation unless buffoons are misguided and wish to
attack fungibility or consensus, which the operation of consensus must
defend, in which case use [Bitcoin Core at version
21](https://github.com/bitcoin/bitcoin/tree/0.21) and [create a
fork](https://docs.github.com/en/get-started/quickstart/fork-a-repo) and
start developing. As you can see [Bitcoin Core version 20 has been
modified](https://github.com/bitcoin/bitcoin/branches) and no longer
passes checks similarly with version 18 which makes it more difficult to
compile make build. A person't own contributions are theirs, to delegate
is responsible, to try and create a seven headed lion to keep under
command like one would a gryphon is an infirmity.
Creating a properly delegated organisation, being a foundation for the
purpose of the maintenance of the consensus of Bitcoin a fungible
decentralised currency and the Bitcoin Core software is the sort of
thing I would easily consider but it is far more centralised to be an
operable concern. In short, as at the beginning, Bitcoin needs a few
heroes that can understand the whitepaper and write software and if the
work is too much one organisational foundation that does is correctly
stewardship. To decentralise one's own work only requires that there are
several offices available for those you employ to delegate to, but still
there requires for your project a headship.
Once the currency is fungible as you should now consider, just today
there was a public announcement that the Commonwealth Bank Of Australia
is going to allow buying and selling Bitcoin as one of its services, the
primary requirements are to defend the existing consensus as the right
of trade in every UTXO has value because of that consensus, and
particularly because of the ease of that trade.
I do not expect anybody is eligible to be dictated to in the Bitcoin
project, but people, be sensible, everybody has worked hard and the
project is becoming a success. Opportunities to further develop the
software of the coin and the protocol do not form part of the current
value, hardly. Several groaning seven headed lion's are
counterproductive if all they do is search for opportunities for change.
Change is the diametrically opposed of consensus and is consensus that
brings fungibility. You can already make any manner of instrument for
smart contract with your solicitor's office. What is necessary is the
operation of the Bitcoin protocol. The alternative to the deliberately
chosen consensus is a democracy, and you cannot build any software with
democracy, and people do not know what is good for them or they could
govern themselves. A few lessons in history assures government is
necessary to enshrine law and insist as the delegates of democracy for
its operation, to ensure a civilised and decent civility can exist.
Please, if you have concerned for Bitcoin, revoke your positions until
you fight for consensus.
KING JAMES HRMH
Great British Empire
Regards,
The Australian
LORD HIS EXCELLENCY JAMES HRMH (& HMRH)
of Hougun Manor & Glencoe & British Empire
MR. Damian A. James Williamson
Wills
et al.
Willtech
www.willtech.com.au
www.go-overt.com
duigco.org DUIGCO API
and other projects
m. 0487135719
f. +61261470192
This email does not constitute a general advice. Please disregard this
email if misdelivered.
On 2021-11-05 01:17, Prayank via bitcoin-dev wrote:
> Hi Kate,
>
>> He is taking the most sensible way forward, decreasing bus factor.
>
> Agree. Work being shared with other maintainers is an improvement.
>
>> Read: https://laanwj.github.io/2021/01/21/decentralize.html
>
> Interesting blog post. First paragraph talks about strange
> expectations, not sure what other people expected however I expected
> present maintainers will always have respect for the Founder of
> Bitcoin, keep important docs in repository, website etc. forever and
> respond with appropriate things if any rich scammers try to remove
> anything important. Anyway that chapter is over and this PR will
> always remain in history for others to see and make their own opinions
> about it: https://github.com/bitcoin-core/bitcoincore.org/pull/740
>
> What followed it (whitepaper being shared on different websites) was
> true decentralization and we need something similar in other aspects
> of full node implementations. Few things that can improve
> decentralization:
>
> 1.More people using alternative full node implementations. Right now
> 98% of nodes use Bitcoin Core.
>
> 2.More people like Luke Dashjr and Amir Taaki who do not simp for
> anyone. Being a contributor or maintainer in Bitcoin full node
> implementation is different from other open source projects. It was
> never going to be easy and it will get difficult with time,
>
> 3.More people from different countries getting involved in important
> roles.
>
> 4.Few anons.
>
> 5.Individuals and organizations who fund different Bitcoin projects
> should consider contributing in alternative. full node implementations
> as well. Maybe start with Bitcoin Knots.
>
> I am sure lot of people will find this controversial or disagree with
> it however this is my opinion and things that I think can improve
> Bitcoin. Will quote something from my recent medium post about a dev
> meetup and Knots:
>
> Accepting the problems, looking for solutions and trying to improve
> things is the best approach we as engineers can follow to do better
> things in Bitcoin. Irrational optimism is as toxic as irrational
> pessimism.
>
> https://prayankgahlot.medium.com/op-halloween21-and-bitcoin-knots-b8a4da4fa0bd
>
> Only ~1337 blocks left for Taproot to activate. So cheers to another
> soft fork being a success and Bitcoin improving regularly. Thanks to
> everyone who contributed including reviewers. Hoping most of the
> people will start using latest version of Bitcoin Core or other full
> node implementations soon.
>
> .
>
> --
>
> Prayank
>
> A3B1 E430 2298 178F
>
> Oct 21, 2021, 01:48 by mercedes.catherine.salazar@gmail•com:
>
>> Hi Owen,
>>
>> On Wed, Oct 20, 2021 at 9:25 PM Owen Gunden via bitcoin-dev
>> <bitcoin-dev@lists•linuxfoundation.org> wrote:
>>
>>> On Wed, Oct 20, 2021 at 04:47:17PM +0200, Prayank wrote:
>>>
>>>>> It seems confusing to have two sites that seemingly both
>>> represent
>>>
>>>>> bitcoin core.
>>>
>>>>
>>>
>>>> There is only one website which represents Bitcoin Core full
>>> node
>>>
>>>> implementation. You can download Bitcoin Core from
>>>
>>>> https://bitcoincore.org
>>>
>>> I also notice that, as of 22.0, Wladimir is no longer signing the
>>>
>>> releases, and I have no trust in my gpg network of the people who
>>> seem
>>>
>>> to have replaced him.
>>
>> He is taking the most sensible way forward, decreasing bus factor.
>>
>> Read: https://laanwj.github.io/2021/01/21/decentralize.html
>>
>>> Given the level of security at stake here, my eyebrows are raised
>>> at
>>>
>>> this combination of items changing (new website + new gpg signers
>>> at the
>>>
>>> same time).
>>
>> Don't worry and build your own release;
>>
>> but if you do, always verify the tree hash.
>>
>> Trust signed annotated tags.
>>
>> Cheers!
>>
>>> _______________________________________________
>>>
>>> bitcoin-dev mailing list
>>>
>>> bitcoin-dev@lists•linuxfoundation.org
>>>
>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-10-20 20:18 ` Kate Salazar
@ 2021-11-05 8:17 ` Prayank
2021-11-05 10:52 ` damian
2021-11-05 14:45 ` yanmaani
0 siblings, 2 replies; 13+ messages in thread
From: Prayank @ 2021-11-05 8:17 UTC (permalink / raw)
To: Kate Salazar; +Cc: Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 3865 bytes --]
Hi Kate,
> He is taking the most sensible way forward, decreasing bus factor.
Agree. Work being shared with other maintainers is an improvement.
> Read: https://laanwj.github.io/2021/01/21/decentralize.html
Interesting blog post. First paragraph talks about strange expectations, not sure what other people expected however I expected present maintainers will always have respect for the Founder of Bitcoin, keep important docs in repository, website etc. forever and respond with appropriate things if any rich scammers try to remove anything important. Anyway that chapter is over and this PR will always remain in history for others to see and make their own opinions about it: https://github.com/bitcoin-core/bitcoincore.org/pull/740
What followed it (whitepaper being shared on different websites) was true decentralization and we need something similar in other aspects of full node implementations. Few things that can improve decentralization:
1.More people using alternative full node implementations. Right now 98% of nodes use Bitcoin Core.
2.More people like Luke Dashjr and Amir Taaki who do not simp for anyone. Being a contributor or maintainer in Bitcoin full node implementation is different from other open source projects. It was never going to be easy and it will get difficult with time,
3.More people from different countries getting involved in important roles.
4.Few anons.
5.Individuals and organizations who fund different Bitcoin projects should consider contributing in alternative. full node implementations as well. Maybe start with Bitcoin Knots.
I am sure lot of people will find this controversial or disagree with it however this is my opinion and things that I think can improve Bitcoin. Will quote something from my recent medium post about a dev meetup and Knots:
Accepting the problems, looking for solutions and trying to improve things is the best approach we as engineers can follow to do better things in Bitcoin. Irrational optimism is as toxic as irrational pessimism.
https://prayankgahlot.medium.com/op-halloween21-and-bitcoin-knots-b8a4da4fa0bd
Only ~1337 blocks left for Taproot to activate. So cheers to another soft fork being a success and Bitcoin improving regularly. Thanks to everyone who contributed including reviewers. Hoping most of the people will start using latest version of Bitcoin Core or other full node implementations soon.
.
--
Prayank
A3B1 E430 2298 178F
Oct 21, 2021, 01:48 by mercedes.catherine.salazar@gmail•com:
> Hi Owen,
>
> On Wed, Oct 20, 2021 at 9:25 PM Owen Gunden via bitcoin-dev <> bitcoin-dev@lists•linuxfoundation.org> > wrote:
>
>> On Wed, Oct 20, 2021 at 04:47:17PM +0200, Prayank wrote:
>> > > It seems confusing to have two sites that seemingly both represent
>> > > bitcoin core.
>> >
>> > There is only one website which represents Bitcoin Core full node
>> > implementation. You can download Bitcoin Core from
>> > >> https://bitcoincore.org
>>
>> I also notice that, as of 22.0, Wladimir is no longer signing the
>> releases, and I have no trust in my gpg network of the people who seem
>> to have replaced him.
>>
>
> He is taking the most sensible way forward, decreasing bus factor.
>
> Read: > https://laanwj.github.io/2021/01/21/decentralize.html
>
>
>>
>> Given the level of security at stake here, my eyebrows are raised at
>> this combination of items changing (new website + new gpg signers at the
>> same time).
>>
>
> Don't worry and build your own release;
> but if you do, always verify the tree hash.
> Trust signed annotated tags.
> Cheers!
>
>
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> >> bitcoin-dev@lists•linuxfoundation.org
>> >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
[-- Attachment #2: Type: text/html, Size: 6151 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-10-20 19:20 ` Owen Gunden
2021-10-20 19:37 ` Pieter Wuille
2021-10-20 19:43 ` Charles Hill
@ 2021-10-20 20:18 ` Kate Salazar
2021-11-05 8:17 ` Prayank
2 siblings, 1 reply; 13+ messages in thread
From: Kate Salazar @ 2021-10-20 20:18 UTC (permalink / raw)
To: Owen Gunden, Bitcoin Protocol Discussion; +Cc: Prayank
[-- Attachment #1: Type: text/plain, Size: 1202 bytes --]
Hi Owen,
On Wed, Oct 20, 2021 at 9:25 PM Owen Gunden via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> On Wed, Oct 20, 2021 at 04:47:17PM +0200, Prayank wrote:
> > > It seems confusing to have two sites that seemingly both represent
> > > bitcoin core.
> >
> > There is only one website which represents Bitcoin Core full node
> > implementation. You can download Bitcoin Core from
> > https://bitcoincore.org
>
> I also notice that, as of 22.0, Wladimir is no longer signing the
> releases, and I have no trust in my gpg network of the people who seem
> to have replaced him.
>
He is taking the most sensible way forward, decreasing bus factor.
Read: https://laanwj.github.io/2021/01/21/decentralize.html
>
> Given the level of security at stake here, my eyebrows are raised at
> this combination of items changing (new website + new gpg signers at the
> same time).
>
Don't worry and build your own release;
but if you do, always verify the tree hash.
Trust signed annotated tags.
Cheers!
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 2321 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-10-20 19:37 ` Pieter Wuille
@ 2021-10-20 19:49 ` Owen Gunden
0 siblings, 0 replies; 13+ messages in thread
From: Owen Gunden @ 2021-10-20 19:49 UTC (permalink / raw)
To: Pieter Wuille; +Cc: Bitcoin Protocol Discussion
On Wed, Oct 20, 2021 at 07:37:48PM +0000, Pieter Wuille wrote:
> On Wednesday, October 20th, 2021 at 3:20 PM, Owen Gunden via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
> > I also notice that, as of 22.0, Wladimir is no longer signing the
> > releases, and I have no trust in my gpg network of the people who seem
> > to have replaced him.
>
> This is not correct. Here are Wladimir's attestations on the 22.0
> release:
> https://github.com/bitcoin-core/guix.sigs/tree/main/22.0/laanwj
>
> There is no separate special release key anymore though. Instead, the
> build attestations (by anyone) can be used as your trust basis.
Ah, that explains it, thanks Pieter. I was looking for a signature from
the release key 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964,
which was still being supplied as recently as 0.21.1.
> There is no new website. The Bitcoin Core project website has been
> https://bitcoincore.org for years.
Some of us are very old :).
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-10-20 19:20 ` Owen Gunden
2021-10-20 19:37 ` Pieter Wuille
@ 2021-10-20 19:43 ` Charles Hill
2021-10-20 20:18 ` Kate Salazar
2 siblings, 0 replies; 13+ messages in thread
From: Charles Hill @ 2021-10-20 19:43 UTC (permalink / raw)
To: bitcoin-dev
Hello, Owen,
The GPG signature verification has changed for bitcoin core version 22
and later. There were two main changes:
1) The sha256 checksums are now in a separate file from the GPG
signatures. So download a new file named "SHA256SUMS" (contains the
checksums) and also the "SHA256SUMS.asc" which contains the signatures.
2) The signature file now contains multiple signatures. These signatures
are generated by multiple "builders" who have provided their own public
keys to verify against. Not all builders will provide a signature for
each release.
You can find more information at bitcoincore.org/en/download/ [1] under
the "Linux verification instructions" section - click to expand.
Instructions about where to find and how to import the full list of
"builder" public keys can be found in the bitcoin core github repo [2].
> I also notice that, as of 22.0, Wladimir is no longer signing the
releases, and I have no trust in my gpg network of the people who seem
to have replaced him.
The list of "builder" public keys includes many long-time bitcoin core
contributors as well as Wladimir's. Caution is always warranted but
please do not spread unnecessary FUD.
- chill
[1] https://bitcoincore.org/en/download/
[2] https://github.com/bitcoin/bitcoin/tree/master/contrib/builder-keys
On 10/20/21 8:20 PM, Owen Gunden via bitcoin-dev wrote:
> On Wed, Oct 20, 2021 at 04:47:17PM +0200, Prayank wrote:
>>> It seems confusing to have two sites that seemingly both represent
>>> bitcoin core.
>> There is only one website which represents Bitcoin Core full node
>> implementation. You can download Bitcoin Core from
>> https://bitcoincore.org
> I also notice that, as of 22.0, Wladimir is no longer signing the
> releases, and I have no trust in my gpg network of the people who seem
> to have replaced him.
>
> Given the level of security at stake here, my eyebrows are raised at
> this combination of items changing (new website + new gpg signers at the
> same time).
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-10-20 19:20 ` Owen Gunden
@ 2021-10-20 19:37 ` Pieter Wuille
2021-10-20 19:49 ` Owen Gunden
2021-10-20 19:43 ` Charles Hill
2021-10-20 20:18 ` Kate Salazar
2 siblings, 1 reply; 13+ messages in thread
From: Pieter Wuille @ 2021-10-20 19:37 UTC (permalink / raw)
To: Owen Gunden, Bitcoin Protocol Discussion
On Wednesday, October 20th, 2021 at 3:20 PM, Owen Gunden via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
> I also notice that, as of 22.0, Wladimir is no longer signing the
> releases, and I have no trust in my gpg network of the people who seem
> to have replaced him.
This is not correct. Here are Wladimir's attestations on the 22.0 release: https://github.com/bitcoin-core/guix.sigs/tree/main/22.0/laanwj
There is no separate special release key anymore though. Instead, the build attestations (by anyone) can be used as your trust basis.
> Given the level of security at stake here, my eyebrows are raised at
> this combination of items changing (new website + new gpg signers at the
> same time).
There is no new website. The Bitcoin Core project website has been https://bitcoincore.org for years. I don't know why https://bitcoin.org hasn't updated to list the 22.0 release, though; that's up to them.
Cheers,
--
Pieter
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
2021-10-20 14:47 Prayank
@ 2021-10-20 19:20 ` Owen Gunden
2021-10-20 19:37 ` Pieter Wuille
` (2 more replies)
0 siblings, 3 replies; 13+ messages in thread
From: Owen Gunden @ 2021-10-20 19:20 UTC (permalink / raw)
To: Prayank; +Cc: Bitcoin Dev
On Wed, Oct 20, 2021 at 04:47:17PM +0200, Prayank wrote:
> > It seems confusing to have two sites that seemingly both represent
> > bitcoin core.
>
> There is only one website which represents Bitcoin Core full node
> implementation. You can download Bitcoin Core from
> https://bitcoincore.org
I also notice that, as of 22.0, Wladimir is no longer signing the
releases, and I have no trust in my gpg network of the people who seem
to have replaced him.
Given the level of security at stake here, my eyebrows are raised at
this combination of items changing (new website + new gpg signers at the
same time).
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
@ 2021-10-20 14:47 Prayank
2021-10-20 19:20 ` Owen Gunden
0 siblings, 1 reply; 13+ messages in thread
From: Prayank @ 2021-10-20 14:47 UTC (permalink / raw)
To: ogunden; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1078 bytes --]
Hi Owen,
> When I search for "download bitcoin core" my top result is bitcoin.org, which is out of date and doesn't have 22.0
This is an issue related to SEO which only website owners can fix or maybe others can help who know better.
> It seems confusing to have two sites that seemingly both represent bitcoin core.
There is only one website which represents Bitcoin Core full node implementation. You can download Bitcoin Core from https://bitcoincore.org
Ensure that you are using the correct domain as some people have registered domains which use punycode, looks similar and spreading malware: https://bitcoin.stackexchange.com/a/107738/
> Maybe the download links could be removed from bitcoin.org and instead it could just link to bitcoincore.org?
You can open an issue in website repository: https://github.com/bitcoin-dot-org/bitcoin.org and tag Cobra who owns the website and domain.
Alternately you could also try a derivative of Bitcoin Core: https://bitcoinknots.org/ maintained by Luke Dashjr.
--
Prayank
A3B1 E430 2298 178F
[-- Attachment #2: Type: text/html, Size: 1744 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0
@ 2021-10-20 12:54 Owen Gunden
0 siblings, 0 replies; 13+ messages in thread
From: Owen Gunden @ 2021-10-20 12:54 UTC (permalink / raw)
To: bitcoin-dev
When I search for "download bitcoin core" my top result is bitcoin.org,
which is out of date and doesn't have 22.0.
It seems confusing to have two sites that seemingly both represent
bitcoin core.
Maybe the download links could be removed from bitcoin.org and instead
it could just link to bitcoincore.org?
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2021-11-09 12:49 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-20 21:50 [bitcoin-dev] bitcoin.org missing bitcoin core version 22.0 Andrew Chow
-- strict thread matches above, loose matches on Subject: below --
2021-10-20 14:47 Prayank
2021-10-20 19:20 ` Owen Gunden
2021-10-20 19:37 ` Pieter Wuille
2021-10-20 19:49 ` Owen Gunden
2021-10-20 19:43 ` Charles Hill
2021-10-20 20:18 ` Kate Salazar
2021-11-05 8:17 ` Prayank
2021-11-05 10:52 ` damian
2021-11-05 14:45 ` yanmaani
2021-11-08 3:02 ` ZmnSCPxj
2021-11-09 12:49 ` Prayank
2021-10-20 12:54 Owen Gunden
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox