1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1VS4H6-0005ZS-HQ
for bitcoin-development@lists.sourceforge.net;
Fri, 04 Oct 2013 12:14:28 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.149.56 as permitted sender)
client-ip=62.13.149.56; envelope-from=pete@petertodd.org;
helo=outmail149056.authsmtp.com;
Received: from outmail149056.authsmtp.com ([62.13.149.56])
by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1VS4H5-0007Qa-Ea for bitcoin-development@lists.sourceforge.net;
Fri, 04 Oct 2013 12:14:28 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
by punt10.authsmtp.com (8.14.2/8.14.2) with ESMTP id r94CELqg024065;
Fri, 4 Oct 2013 13:14:21 +0100 (BST)
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r94CEGjw060768
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Fri, 4 Oct 2013 13:14:18 +0100 (BST)
Date: Fri, 4 Oct 2013 08:14:15 -0400
From: Peter Todd <pete@petertodd.org>
To: Arto Bendiken <arto@bendiken.net>
Message-ID: <20131004121415.GA7084@savin>
References: <CANEZrP1Sd8cK2YUr4OSvnOxEJrbWpmfdpor-qbap1f98tGqPwg@mail.gmail.com>
<3552695.aET6a1zFq8@momentum> <20131004113517.GA8373@savin>
<CAE7aNuS00t97g8K-sPJv4Xt+zWbWbDEjfkza8oBq4c5RjfRP1Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="opJtzjQTFsWo+cga"
Content-Disposition: inline
In-Reply-To: <CAE7aNuS00t97g8K-sPJv4Xt+zWbWbDEjfkza8oBq4c5RjfRP1Q@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 7ed2e8e5-2cee-11e3-b802-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aAdMdgYUF1YAAgsB AmUbWldeUVl7WGo7 bAxPbAVDY01GQQRq
WVdMSlVNFUsqCBhy c2lEFRl0dwJAcDB5 Yk5iEHcOCEYvfRN4
X0wHQDgbZGY1a31N WEBaagNUcgZDfk5E bwQuUz1vNG8XDQg5
AwQ0PjZ0MThBJSBS WgQAK04nCW0MEjN0 XR0cHDgwdQAA
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: petertodd.org]
X-Headers-End: 1VS4H5-0007Qa-Ea
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Code review
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 04 Oct 2013 12:14:28 -0000
--opJtzjQTFsWo+cga
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Oct 04, 2013 at 01:58:51PM +0200, Arto Bendiken wrote:
> On Fri, Oct 4, 2013 at 1:35 PM, Peter Todd <pete@petertodd.org> wrote:
> > The second caveat is more specific to Bitcoin: people tend to rebase
> > their pull-requests over and over again until they are accepted, but
> > that also means that code review done earlier doesn't apply to the later
> > code pushed. Bitcoin is a particularly high profile, and high profit,
> > target for people trying to get malicious code into the codebase.
>=20
> On that note, this 2003 example of an attempt to backdoor the Linux
> kernel is pertinent:
>=20
> http://lwn.net/Articles/57135/
>=20
> The backdoor in question came down to a single missing character,
> easily overlooked by a reviewer if a spotlight hadn't been thrown on
> it for other reasons. Compromising a Bitcoin implementation isn't
> going to be as easy as that, one would hope, but certainly it seems
> only a matter of time until there's an attempt at it.
Exactly.
Ideally code review discussions would be PGP signed and have a mechanism
for someone to sign a commit saying they had in fact reviewed it.
Combined with git's per-commit signature mechanism it'd make it possible
to write a git-pull hook that checked that whatever was being pulled had
some sufficient number of signatures from people whose reviews you
trusted. With such a system you could host code review anywhere safely,
or for that matter, use a completely distributed system.
But that's going to be a long way off. In the meantime github is
probably more trustworthy and competent than anything we ran ourselves,
and we should focus on making sure reviewers eyeballs actually look at
the code that ends up in master.
--=20
'peter'[:-1]@petertodd.org
--opJtzjQTFsWo+cga
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJSTrEXAAoJECSBQD2l8JH7bPwIAJhyRqHlPGjOlwBXym0of6Bq
kQYDqg4wzhJQYqRqgiOHXvWbkvs8tw+YWaPdknqVrNWkg2q1mX3//iYsGbr6i/UI
d6SYLVA/MDR9j8Ka6iXlg31Y+SOU1kE+YpdvkpDMaJ74Nu+OnGZE+8R7JW/RWATq
8/av+fcLMb9LykaZidvteXy65qiHP4RuFlKDVku0vpd1yYHgEnh8qn7xJRhjTiCL
xp6fCFoxugLxGzaib/uiY3UqVZdjZbgSbE/d+QIlVfYi4yecVBDxHySmXDwIaSag
YrM6QTFV0BdwObWChedZbXG/6SeUj8k2Qniu6PCdB8j7gw8ngyrpJhJhQDyTXo0=
=XFOH
-----END PGP SIGNATURE-----
--opJtzjQTFsWo+cga--
|
