Hi Peter,

> It's quite bizzare to use "off topic comments" as an excuse to close a 
pull-req
> fixing a specific security vulnerability, assuming you actually care 
about that
> vulnerability. 

Do not assign to malovelence what can be assigned to genuine incompentence 
or willful laziness.

In the present case, it's all to bet that the moderators close the PRs, 
without being
aware of your reported security issue on the mailing list. This what you 
expect in
a open-source community managing sensitive security information, where it 
is formally
segregated between actors. I'm certainly not trusting will-ark with bitcoin 
security
information, at least anything beyond begnign issues. 

> As I've said elsewhere, Core could have easily and quietly
> merged that pull-req as-is, possibly by having a few people write some 
obvious
> ACK rationals.

I think this is the kind of issues, given the plausibility we still have 
laggards
of when `mempoolfullrbf` was introduced almost 2 years ago to reconsider 
their 
bitcoin infrastructure deployment, or 0conf acceptance flow. It's always 
polite
and it can only help building strong cultural norms in an ecosystem where 
the economic
traffic is deal with more and more by codebase which are not bitcoin core.

> The only good explanation for closing it is to further delay merging the
> pull-req, as well as disclosing the vulnerability.

I think this is the issue where it is worhty to purse the conservation:
https://github.com/bitcoin-core/meta/issues/5

All that said, I'll re-advocate your integration to the bitcoin security
mailing list by re-opening an issue on the github repository ?

Thanks to confirm you're okay with that (this can be done in private).
Very pragmatically, I'm trusting you more than most of the folks on the
list right now if I have issues to report.

Best,
Antoine
ots hash: 6c6ab1f4264c63245063a35da7f29f9e874a152a68e521b7f2ca2a972584a95d

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/a7ae8eee-11c8-48ea-80f8-4411741c3d3en%40googlegroups.com.