* [bitcoin-dev] Bitcoin Core update notice
@ 2018-09-19 0:06 Pieter Wuille
2018-09-21 22:39 ` [bitcoin-dev] [bitcoin-core-dev] " gb
0 siblings, 1 reply; 4+ messages in thread
From: Pieter Wuille @ 2018-09-19 0:06 UTC (permalink / raw)
To: Bitcoin Dev, bitcoin-core-dev
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello all,
Bitcoin Core 0.16.3 was just released with a fix for
CVE-2018-17144:
https://bitcoincore.org/en/2018/09/18/release-0.16.3/
We urge all network participants to upgrade to 0.16.3[*] as soon
as possible.
[*] For those who build from source, the 0.14, 0.15, 0.16, 0.17,
and master branches on GitHub (https://github.com/bitcoin/bitcoin)
are fixed as well.
- --
Pieter
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErGYmFy4AqCz/rolypjbpdjH3Z+AFAluhkogACgkQpjbpdjH3
Z+AZFg//a1UzupFYJPwM8iFWycIk3iU6VijgvuoeWv4Bq+BHxw/UtVsyI5XA4X/M
27wm7RtHQvgP/5BcWOTyXtX3WorKAVs3y6Ha3Ib67DEWUQ7HmWex1H5iSShO3PS0
lle1mwfqRY0/vC/zjIqqXiGrTstvy7Et6evTqc2zrsJrsc5pxyKxehYb0dtaR+9e
CzoioYhUWcYxy0LCtMztVBUlts8OfMK1xhpCDCk/XIVoJEqJuW5/wmux9tR0sxoJ
elEVdRGPrNfQ4lPQXDin8oUuRQ/bdfjncOu+CEWS6LgIIUXdWbzehxLpG80jCvzM
Id7ALPsTgazfj0y8EUyBlkrwlgHHIxGpHfxUJyybWMvJmjbRCQpIMKSTNsuY4DxD
mi8p2ZTfM03k7nLZbiZZdI3sGw6eACrTIx38tS+MiC8Hr69lHClTww8Q4qsMqHHd
X/eOQXLTtPzLeN9m5SmoFGFlHyHFMs+hMrhzIpig9n+sZbrYvDBOJlw28t3tYGKR
Z/WfpIUot6HdWJjsNkf3BLZF12BB/iwe2AplYYqUE8N8b6mJvbA2PkcXNbgAGexR
ySGl/CTMrpDKE5/m7cjP3h/5CSQ5M4YBPI3HijCWJQ/fSoAq9VTz0x+9V3pJyiDf
fSSdJa7QhS3flBcQ3HlrXaLBaosHoT3PHf4d16iyR6fvcn4s4HQ=
=nubz
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bitcoin-dev] [bitcoin-core-dev] Bitcoin Core update notice
2018-09-19 0:06 [bitcoin-dev] Bitcoin Core update notice Pieter Wuille
@ 2018-09-21 22:39 ` gb
2018-09-22 4:56 ` Andrew Chow
2018-09-22 4:59 ` Gregory Maxwell
0 siblings, 2 replies; 4+ messages in thread
From: gb @ 2018-09-21 22:39 UTC (permalink / raw)
To: Pieter Wuille, Bitcoin Core Discussion; +Cc: Bitcoin Dev
If the bugfix can be backported to earlier versions why is the
hype/hysteria about "everybody" must immediately upgrade to 0.16.3
currently being spread on the forums/reddit?
https://bitcointalk.org/index.php?topic=5034070.0
https://old.reddit.com/r/Bitcoin/comments/9hp90p/1775_nodes_out_of_9616_185_are_currently_on/
I don't see any effort to correct this misinformation either.
Regards.
On Tue, 2018-09-18 at 17:06 -0700, Pieter Wuille via bitcoin-core-dev
wrote:
> Hello all,
>
> Bitcoin Core 0.16.3 was just released with a fix for
> CVE-2018-17144:
> https://bitcoincore.org/en/2018/09/18/release-0.16.3/
>
> We urge all network participants to upgrade to 0.16.3[*] as soon
> as possible.
>
> [*] For those who build from source, the 0.14, 0.15, 0.16, 0.17,
> and master branches on GitHub (https://github.com/bitcoin/bitcoin)
> are fixed as well.
>
> --
> Pieter
> _______________________________________________
> bitcoin-core-dev mailing list
> bitcoin-core-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-core-dev
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bitcoin-dev] [bitcoin-core-dev] Bitcoin Core update notice
2018-09-21 22:39 ` [bitcoin-dev] [bitcoin-core-dev] " gb
@ 2018-09-22 4:56 ` Andrew Chow
2018-09-22 4:59 ` Gregory Maxwell
1 sibling, 0 replies; 4+ messages in thread
From: Andrew Chow @ 2018-09-22 4:56 UTC (permalink / raw)
To: gb, Bitcoin Protocol Discussion, Pieter Wuille, Bitcoin Core Discussion
The backported versions have not been released yet. They are still going
through the gitian build process. 0.16.3 was the first one to be
released so that is the one that everyone is being recommended to
upgrade to. Regardless, you should upgrade to a patched version, whether
that is 0.14.3, 0.15.2, or 0.16.3. It is not misinformation that
everybody must upgrade.
On 09/21/2018 06:39 PM, gb via bitcoin-dev wrote:
> If the bugfix can be backported to earlier versions why is the
> hype/hysteria about "everybody" must immediately upgrade to 0.16.3
> currently being spread on the forums/reddit?
>
> https://bitcointalk.org/index.php?topic=5034070.0
> https://old.reddit.com/r/Bitcoin/comments/9hp90p/1775_nodes_out_of_9616_185_are_currently_on/
>
> I don't see any effort to correct this misinformation either.
>
> Regards.
>
> On Tue, 2018-09-18 at 17:06 -0700, Pieter Wuille via bitcoin-core-dev
> wrote:
>> Hello all,
>>
>> Bitcoin Core 0.16.3 was just released with a fix for
>> CVE-2018-17144:
>> https://bitcoincore.org/en/2018/09/18/release-0.16.3/
>>
>> We urge all network participants to upgrade to 0.16.3[*] as soon
>> as possible.
>>
>> [*] For those who build from source, the 0.14, 0.15, 0.16, 0.17,
>> and master branches on GitHub (https://github.com/bitcoin/bitcoin)
>> are fixed as well.
>>
>> --
>> Pieter
>> _______________________________________________
>> bitcoin-core-dev mailing list
>> bitcoin-core-dev@lists•linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-core-dev
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bitcoin-dev] [bitcoin-core-dev] Bitcoin Core update notice
2018-09-21 22:39 ` [bitcoin-dev] [bitcoin-core-dev] " gb
2018-09-22 4:56 ` Andrew Chow
@ 2018-09-22 4:59 ` Gregory Maxwell
1 sibling, 0 replies; 4+ messages in thread
From: Gregory Maxwell @ 2018-09-22 4:59 UTC (permalink / raw)
To: gb, Bitcoin Dev; +Cc: bitcoin-core-dev
On Sat, Sep 22, 2018 at 4:25 AM gb via bitcoin-dev
<bitcoin-dev@lists•linuxfoundation.org> wrote:
>
> If the bugfix can be backported to earlier versions why is the
Have been backported, not merely can be.
> hype/hysteria about "everybody" must immediately upgrade to 0.16.3
> currently being spread on the forums/reddit?
For instructions to be effective they need to be concise. Presenting
people with a complex decision tree is not a way to maximize wellfare.
The few parties that would be better off on some other version already
know that they have some reason to not run the latest stable, and can
do more research to find out their other options. The announcement
posted on the bitcoin core site, I think is adequately clear but if
you see an opportunity to improve it, please make suggestions.
> I don't see any effort to correct this misinformation either.
It's decent advice, not misinformation. You can run the fixed earlier
versions but they have other issues, I wouldn't recommend anyone run
older versions generally.
Reasoning about risk is complicated. For example, when people were
talking about only the crash component of the issue there were some
people stating "I don't care if I go down, an unlikely delay in
processing payments would not be a problem." But, in fact, a network
exploitable crash is pretty dangerous: an attacker can carve up the
network into partitions that will produce long valid forks and reorg
against each other, enabling double-spends. The best one sentence
advice available is to upgrade to the latest version. You'd probably
have to get up to two page explanations discussing trade-offs before
it makes sense to talk about running a fixed 0.14 or what not.
Theymos' language is stronger than I would have chosen, but I think
it's language that errors on the side of protecting people from harm.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-09-22 5:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-19 0:06 [bitcoin-dev] Bitcoin Core update notice Pieter Wuille
2018-09-21 22:39 ` [bitcoin-dev] [bitcoin-core-dev] " gb
2018-09-22 4:56 ` Andrew Chow
2018-09-22 4:59 ` Gregory Maxwell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox