Date: Sat, 20 Jul 2024 19:06:49 -0700 (PDT)
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core

Hi Ava,

Thanks for the answer and the additional information.

I think this is unclear to me if Peter himself was part of the discussion
amongst several members of the security list on re-examining if their presence
and the ones of others was still worthy on the list, be it online or offline.

I fully understand this is a kind of conversation which certainly does not
warrant to be public, and I mostly agree with that. Yet I believe it's ethically
borderline to not invite someone to express its own viewpoint in asking to be
removal of its own access, especially in a project that aims to be decentralized
and a technical meritocracy (-- I believe an ideal we aspire all).

Beyond, and forgive the expression if it's a bit rude, I believe it's a bit "naive",
"short-sighted" as a position of the members of the security list, with whatever
level of true consensus such removal has been done (-- and I'm not aware there
was operational security emergency that justified such removal).

"Naive", as saying this is the _Bitcoin Core_ project list only can only provoke blind
spot among the list members if the security issues are either affecting old part of
the codebases that younger members have less experience with (some parts like consensus
or block-relay are modified only every 5 years) or novel factors from upstream or downstream
(e.g the internet networking stack or implications on deployed contract protocols like
lightning). On both the former and latter criteria, I think Peter overly meets the bar.

"Short-sighted", as it's making the members of the security list both party and arbiter
of appreciating what is an _active_ contributor among themselves (all in a very ethically
borderline fashion). In my experience with lightning over the past years, with discovering
more and more issues which in fact arise from imperfect interfacing with the base-layer,
I was progressively led to spend more and more time on the core side as it was natural to
have things fixed there (or at least advocate so). Of course, I was in consequence less active
on the lightning development day-to-day side. Did it make me less competent to be responsive when
issues affected lightning? I don't believe so (though obviously I'll let other lightning experts
corroborate or infirm this self-congratulatory statement of mine).

Same for Peter, if he had made the choices to consecrate his open-source time on more long-term
things like transaction denial-of-service vectors or analyzing new consensus changes proposals
(whatever the long-term outcome, R&D is a stochastic process -- his track records with things like
bip65 shall give him a positive presumption)

I think as a community to give such cultural margin to do so, even if it's as the trade-off of
less review on day-to-day core things with a more reduced global scope like the gui or the wallet.

When you've big sh*t hitting the fan like inflation bugs or level DB 2013 unexpected fork you
prefer to have experts with a decade of experience to collaborate with, and sharing the same cultural
and ethical norms of the active contributors evaluated by numbers on commits on the last single-digit
years.

I'll repropose Peter's admission on the security list mailing list in the coming weeks by opening an
issue on the bitcoin-meta repository, once this current mailing list thread has slowed down a bit,
or at least the technical analysis has been dissociated from the proceedings which have all been
bundled in a big message. In my very personal opinion, I still trust more Peter's competence and experience
than some other people I know who are on the security mailing list.

All that said I appreciate your answer and I'm satisfied from the personal role you've played
in the matter, and be reassured I'll keep you among the recipients of future security issues with
a potential impact on bitcoin core that I might find or be aware of.

Best,
Antoine
ots hash: db441b51684ad3a6897f67d42c74ccfcb9a4ffed40d4bdbe30a2edd867ccdd54

On Saturday, July 20, 2024 at 01:50:25 UTC+1, Ava Chow wrote:

> On 07/19/2024 07:58 PM, Antoine Riard wrote:
> > As said in one of my previous emails, I'm still curious about achow101
> > explaining publicly why you have been kicked-out of the bitcoin-security
> > mailing list, when you were certainly more senior than achow101 in matters
> > of base-layer security issues or even hard technical issues like consensus
> > interactions (e.g bip65). I'll re-iterate my respect towards achow101
> > as a maintainer from years of collaboration, though this is a topic
> > worthy of an answer.
>
> I am not the one that removed Peter from the mailing list, nor do I even
> have the login(s) to do so.
>
> There was a discussion amongst several members of the security list
> about who was on the list, and who should be on the list. Given that the
> security list is the _Bitcoin Core_ security list, we determined that
> the people who should be on the list are people who still actively
> contribute to the project. As Peter Todd no longer actively contributes
> code nor code review to the project, we decided that it didn't make
> sense to continue to have him on the list.
>
> My recollection is that multiple other people were removed from the list
> for the same reason at the same time.
>
> Ava