public inbox for bitcoindev@googlegroups.com
From: /dev /fd0 <alicexbtong@gmail•com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core
Date: Sat, 20 Jul 2024 23:16:44 -0700 (PDT)
Message-ID: <955e7097-ca7a-452a-953f-718aca14cdc6n@googlegroups.com>
In-Reply-To: <ZpvS2haduzUQiojV@petertodd.org>


Hi Peter,

I agree that handling of vulnerability reports could be improved, although
I have fewer expectations from bitcoin core to acknowledge any feedback.
Here are a few things that we can do to improve the process:

- Report vulnerabilities anonymously and share real identity with
disclosure later if required.
- Send the email to achow101 or sipa or fanquake and keep
security@bitcoincore•org in Cc.
- Let's create a hall of fame webpage which has the names of all developers
who reported vulnerabilities along with other details. Community could also
donate directly to developers.
- Do not expect a response on weekends and wait for at least 7-30 days before
full disclosure if the vulnerability report is ignored.

Maybe you and others on the mailing list could suggest more improvements.

/dev/fd0
floppy disk guy

On Saturday, July 20, 2024 at 3:12:46 PM UTC Peter Todd wrote:

> On Fri, Jul 19, 2024 at 10:57:40PM -0700, /dev /fd0 wrote:
> > Hi Antoine,
> >
> > > I'm interested if you can propose a formal or mathematical definition of
> > > what constitute an in-topic or off-topic comments on a matters like full
> > > RBF, which has been controversial for like a decade.
> >
> > I will quote _willcl-ark_'s last comment as I do not have enough
> > permissions in bitcoin core repository to moderate comments:
> >
> > "However the comments section here has become difficult to follow due to
> > numerous off-topic comments, a few personal disagreements, and repetition
> > of arguments. In the interest of having a more productive and focused
> > technical and philosophical discussion we are going to close and lock this
> > PR."
> >
> > A new pull request should help reviewers. If you do not agree with it, feel
> > free to discuss it with moderators in bitcoin core IRC channel.
>
> It's quite bizarre to use "off topic comments" as an excuse to close a
> pull-req fixing a specific security vulnerability, assuming you actually care
> about that vulnerability. As I've said elsewhere, Core could have easily and
> quietly merged that pull-req as-is, possibly by having a few people write some
> obvious ACK rationales.
>
> The only good explanation for closing it is to further delay merging the
> pull-req, as well as disclosing the vulnerability.
>
> -- 
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
