From: Greg Troxel <gdt@work•lexort.com>
To: bitcoin-development@lists•sourceforge.net
Subject: Re: [Bitcoin-development] Linux packaging letter
Date: Fri, 26 Jul 2013 20:43:00 -0400 [thread overview]
Message-ID: <smuzjt8u92j.fsf@linuxpal.mit.edu> (raw)
In-Reply-To: <CAAS2fgTxU4fb6n+fHPomOVDkEY+uoepd7QTPMxbxALYm2Sf3kg@mail.gmail.com>
Gregory Maxwell <gmaxwell@gmail•com> writes:
> It's "portable" to anything that can run the relevant VMs. Uh
> provided you don't mind cross compiling everything from an unbuntu VM.
> It certainly would be nice if the trusted-computing-base for gitian
> were a bit smaller, thats an area for long term improvement for sure.
Thanks - I'll look forward to this being portable someday. Right now it
sounds similar to "a windows binary but you can use wine" with
substitution of variables :-) People may want to look at the NetBSD
build system, which I think achieves bit-identical builds from different
hosts (but I haven't really checked), by having the toolchain be part of
the source and building cross-compilers from host to target and then
using those to build the system.
> Say Bitcoin used a backing database which had an unknown a bug where
> any item with a key that begins with 0xDEADBEEF returns not found when
> queried, even if its in the DB. Once discovered, any database library
> would want to fix that quickly and they'd fix it in a point release
> without reservation. They might not even release note that particular
> fix it if went along with some others, it could even be fixed
> accidentally.
>
> Now say that we have a state where half the Bitcoin network is running
> the old buggy version, and half is running the fixed version. Someone
> creates a transaction with ID 0xDEADBEEF... and then subsequently
> spends the output of that transaction. This could be by pure chance or
> it could be a malicious act.
>
> To half the network that spending transaction looks like someone
> spending coin from nowhere, a violation of the rules. The consensus
> would then fork, effectively partitioning the network. On each fork
> any coin could be spent twice, and the fork will only be resolvable by
> one side or the other abandoning their state (generally the more
> permissive side would need to be abandoned because the permissive one
> is tolerant of the restrictive one's behavior) by manually downgrading
> or patching software. As a result of this parties who believed some
> of their transactions were safely settled would find them reversed by
> people who exploited the inconsistent consensus.
Thanks for the explanation - that indeed makes sense.
>> multiple packages is difficult, and runs into A wants only n of C, while
>> B wants only m.
>
> My understanding is that gentoo is actually able to handle this (and
> does, for Bitcoin)— and really I presume just about everything else
> could with enough effort. I certainly wouldn't ask anyone else to do
> that. If you're really getting into the rathole of building separate
> libraries just for Bitcoin the value of packaging it goes away.
Well, if you insist on not having updates and bugfixes, then either it's
the included version or there's a special package just for you.
Typically packaging systems don't like included versions because often a
package will have a security bug fixed long before there are updates of
packages that bundle that fixed version. But given bitcoin's special
needs, that means you have to stay on top of these dependent included
packages and re-release if there are security fixes (that don't break
consensus).
> Running a complete set of tests is a start— though the unit tests are
> not and cannot be adequate. There is a full systems testing harnesses
> which should be used on new platforms. Even that though isn't really
> adequate, as it is currently infeasible to even achieve complete test
> coverage in things like cryptographic libraries and database
> environments.
It would be nice if the regression tests were installed and it were
normal culturallly for end-users to run them.
Thanks again for the explanation; I understand where you are coming from
now.
prev parent reply other threads:[~2013-07-27 0:43 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-23 20:01 Mike Hearn
2013-07-23 20:14 ` Gregory Maxwell
2013-07-23 20:32 ` Mike Hearn
2013-07-23 20:50 ` Gregory Maxwell
2013-07-28 18:21 ` John Dillon
2013-07-23 22:02 ` Scott Howard
2013-07-23 22:26 ` Luke-Jr
2013-07-24 3:00 ` Scott Howard
2013-07-24 1:45 ` Douglas Huff
2013-07-24 2:27 ` Scott Howard
2013-07-24 3:54 ` [Bitcoin-development] Endianness (was: Linux packaging letter) Wendell
2013-07-24 4:03 ` Luke-Jr
2013-07-24 4:07 ` Gregory Maxwell
2013-07-24 4:09 ` Gregory Maxwell
2013-07-23 22:33 ` [Bitcoin-development] Linux packaging letter Pieter Wuille
2013-07-23 23:23 ` Greg Troxel
2013-07-23 23:45 ` Luke-Jr
2013-07-24 0:50 ` Gregory Maxwell
2013-07-24 2:35 ` zooko
2013-07-24 3:19 ` Gregory Maxwell
2013-07-24 8:28 ` Mike Hearn
2013-07-24 13:52 ` Jeff Garzik
2013-07-24 15:32 ` zooko
2013-07-24 19:35 ` Gregory Maxwell
2013-07-24 16:01 ` zooko
2013-07-27 0:45 ` Greg Troxel
2013-07-27 0:43 ` Greg Troxel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=smuzjt8u92j.fsf@linuxpal.mit.edu \
--to=gdt@work$(echo .)lexort.com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox