From: Gregory Maxwell <gmaxwell@gmail•com>
To: Matthew Mitchell <matthewmitchell@thelibertyportal•com>
Cc: "bitcoin-development@lists•sourceforge.net"
<bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] 0.8.1 ideas
Date: Wed, 13 Mar 2013 13:24:50 -0700 [thread overview]
Message-ID: <CAAS2fgR-8XC_zG1fTxyxGV+hZVDJ3DqD3LSeDm36Y3X355YQ+g@mail.gmail.com> (raw)
In-Reply-To: <16B6728E-4220-4DA6-B740-FA38A7C19CCB@thelibertyportal.com>
On Wed, Mar 13, 2013 at 1:10 PM, Matthew Mitchell
<matthewmitchell@thelibertyportal•com> wrote:
> Why would it be a difficulty in getting people to update away from 0.7 and earlier? How long would that roughly take? If people are hesitant to update, imagine if a more serious vulnerability is found. It could be disastrous.
The development community backports critical fixes which makes
updating instead of upgrading possible, but that still is not free.
Many people are carrying patches against Bitcoin which require
integration and time for testing— even if its just an update. Small
behavior changes can still break things for the users. For example, a
major mining pool lost well over 1000 BTC when upgrading to 0.8
because the reindex interacted poorly with their pool server software
and caused them to pay people 25 BTC per share, an update or upgrade
is just a risky even whos risk can be minimized if its done at your
own pace.
Sometimes when there is a vulnerability what people will do is isolate
their production nodes from the internet using upgraded nodes, so they
avoid touching the production systems. Other times the vulnerability
is only a DOS attack so they ignore it unless the attack happens, or
only applies to something else they don't care about.
Another point is that if everyone instantly upgrades in response to
developers claim that an urgent is needed (as opposed to implementing
other workarounds) then the security of the system much more obviously
reduces to the ability to compromise a developer— something no one
should want. When roll outs take time there is more time for review to
catch things, fewer nodes harmed by an introduced flaw, etc.
next prev parent reply other threads:[~2013-03-13 20:24 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-13 12:56 Luke-Jr
2013-03-13 13:14 ` Gregory Maxwell
2013-03-13 15:05 ` Peter Todd
2013-03-13 15:18 ` Gregory Maxwell
2013-03-13 15:26 ` Luke-Jr
2013-03-13 16:04 ` Peter Todd
2013-03-13 17:41 ` Mark Friedenbach
2013-03-13 17:58 ` Pieter Wuille
2013-03-13 18:27 ` Mark Friedenbach
2013-03-13 18:35 ` slush
2013-03-13 18:38 ` Pieter Wuille
2013-03-13 19:30 ` Gregory Maxwell
[not found] ` <16B6728E-4220-4DA6-B740-FA38A7C19CCB@thelibertyportal.com>
2013-03-13 20:24 ` Gregory Maxwell [this message]
2013-03-13 20:18 ` Luke-Jr
2013-03-13 18:04 ` Luke-Jr
2013-03-13 21:06 ` Andy Parkins
2013-03-13 21:14 ` Luke-Jr
2013-03-13 21:22 ` Roy Badami
2013-03-13 21:27 ` Gregory Maxwell
2013-03-13 21:36 ` Roy Badami
2013-03-14 0:18 ` Cameron Garnham
2013-03-15 17:06 ` Benjamin Lindner
2013-03-15 19:23 ` Luke-Jr
2013-03-15 19:52 ` Gregory Maxwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAAS2fgR-8XC_zG1fTxyxGV+hZVDJ3DqD3LSeDm36Y3X355YQ+g@mail.gmail.com \
--to=gmaxwell@gmail$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=matthewmitchell@thelibertyportal$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox