-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arriving slightly late to the discussion, apologies.

Personally I wouldn't have written that patch, but I know development of hostile patches happens out of sight, and if it can be written, we have to presume it will be written eventually. I'd have preferred a patch that only replaced non-final txes, which is the use-case I have for transaction replacement, but that's easy to add back in.

I'm certainly not terribly convinced of the security of vanilla zero-confirmation transactions myself, for reasons including but not limited to this case. I also think it's important to understand that people do make irrational decisions, and trusting network security on everyone behaving perfectly rationally is not a workable model either.

TLDR; me too

Ross

On 12/02/15 20:36, Allen Piscitello wrote:
> You keep making moral judgements.  Reality is, if you live in a world with
> arsonists, you need to have a building that won't catch on fire, or has
> fire extinguishers in place.  Do not depend on arsonists ignoring you
> forever as your security model.  Penetration testing to know what
> weaknesses exist, what limitations exist, and what can be improved is
> essential.  Keeping your head in the sand and hoping people choose to do
> the right thing only ends one way.
>
> On Thu, Feb 12, 2015 at 1:52 PM, Justus Ranvier <justusranvier@riseup.net>
> wrote:
>
> On 02/12/2015 07:47 PM, Allen Piscitello wrote:
> >>> Nothing will stop that.  Bitcoin needs to deal with those issues,
> >>> not stick our heads in the sand and pretend they don't exist out of
> >>> benevolence. This isn't a pet solution, but the rules of the
> >>> protocol and what is realistically possible given the nature of
> >>> distributed consensus.  Relying on altruism is a recipe for
> >>> failure.
>
> If there's a risk of fire burning down wooden buildings, pass out fire
> extinguishers and smoke detectors, not matches.
>
> The latter makes one an arsonist.
>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming. The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is
>> your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>> look and join the conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJU31/yAAoJEJFC5fflM8475YIIAI7nxgxUdkKiMePMqtvPOi25
U+WCxjvIK0ZRTAV30POC7fKLT2mK0gPusSS7LtNJpPKvpC98VcSD5HWE49K80Yo9
9+QI7X7xBau1jjLo+27uOex0bJ6JwP1DSMpC12AQbMmi4FnyG+M5FMkr5/OnSxeF
cd4lT2UF7yTJPRy0+A9LwertL5Sv1yeOJJ9jtWuXgixapmHN+1Zm2VkGnur55V64
vnonlixlUMwnZNxDVoRhjTWm1P/lmCejvmvTRvcBomUlAEgRQF4TtF4YMBYXS97S
5WYrxOHLgTfTWr3FJuOnd+CVBRgZGw3u30ktaSErelyMG19lJOusBPdHTQFkV30=
=eWPj
-----END PGP SIGNATURE-----