In-Reply-To: <CAPg+sBisvpQp_3f5sz3O6+4VSx5FMjDnSaBUqNVFKM+o4Qm4FA@mail.gmail.com>
References: <CAJHLa0NXAYh9HzazN6gArUV8y7J8_G0oqkZqPBgibpW0wRNxKQ@mail.gmail.com>
<2302927.fMx0I5lQth@1337h4x0r> <20140823061701.GQ22640@nl.grid.coop>
<CAPg+sBisvpQp_3f5sz3O6+4VSx5FMjDnSaBUqNVFKM+o4Qm4FA@mail.gmail.com>
From: Drak <drak@zikula.org>
Date: Sat, 23 Aug 2014 13:05:17 +0100
Message-ID: <CANAnSg0GftsnaAGhr4kcVa84Mdb9gfrAPV1UtNGYWWhS9x+P0g@mail.gmail.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Reconsidering github

On 23 August 2014 12:38, Pieter Wuille <pieter.wuille@gmail.com> wrote:
> That allows using github as easy-access mechanism for people to
> contribute and inspect, while having a higher security standard for
> the actual changes done to master.

I'd also like to point out the obvious: git uses the previous hash as part
of the formula to generate the current commit hash, thus tampering with
history, while possible, would be instantly noticed because we all have
copies of the repository. Tampering would be completely evident (pushes
would fail for a start, and even simple merges would bork). It's just not
possible to tamper with the repository without it being discovered, even
with collusion (or strong arming) of github.

The social benefits of github make it ideal for open source projects that
want community participation. The barrier to entry is low. The only "weak"
spot of github is the releases section, but since we don't actually
distribute Bitcoin from github the point is moot.

I think github haters fail to see the vast benefits of a social hub like
github. Their issue tracker may not be as sophisticated, it serves well and
the project is extremely productive.

Don't shoot yourself in the foot - a move away from github would be a
disaster for the project.

When you look at the attack surface of using github, it's pretty small and
would not go unnoticed, thus nullifying concern.
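
Added example, not part of the original message: a minimal Python sketch of the hash chaining the message refers to. It computes commit IDs in git's object format (SHA-1 over a `commit <size>\0` header plus a body that names the parent ID) and locates where a rewritten hosted history diverges from a local copy. The tree IDs, identity string, commit messages and helper names are constructed for illustration.

```python
import hashlib

# Constructed author/committer identity and timestamp for the sample commits.
WHO = "Dev <dev@example.org> 1408795517 +0100"

def fake_tree(label):
    """Constructed stand-in for a real tree object ID (40 hex chars)."""
    return hashlib.sha1(label.encode()).hexdigest()

def commit_id(tree, parent, message, who=WHO):
    """Commit object ID as git computes it: the body names the parent's ID,
    so every ID depends on the whole history before it."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    body = "\n".join(lines).encode()
    return hashlib.sha1(b"commit %d\0" % len(body) + body).hexdigest()

def build_history(commits):
    """Chain (tree, message) pairs into a list of commit IDs, oldest first."""
    ids, parent = [], None
    for tree, message in commits:
        parent = commit_id(tree, parent, message)
        ids.append(parent)
    return ids

def first_divergence(local_ids, remote_ids):
    """Index of the first commit where the remote disagrees with the local
    copy, or None when the remote merely extends it (a fast-forward)."""
    for i, (mine, theirs) in enumerate(zip(local_ids, remote_ids)):
        if mine != theirs:
            return i
    return None if len(remote_ids) >= len(local_ids) else len(remote_ids)

# Constructed sample history held by a contributor.
ORIGINAL = [(fake_tree("v1"), "initial import"),
            (fake_tree("v2"), "add wallet code"),
            (fake_tree("v3"), "fix fee calculation")]
# Same history as served by a host that swapped the content of commit 1.
ALTERED = [ORIGINAL[0], (fake_tree("v2-altered"), "add wallet code"), ORIGINAL[2]]

local = build_history(ORIGINAL)
remote = build_history(ALTERED)

if __name__ == "__main__":
    for i, (mine, theirs) in enumerate(zip(local, remote)):
        print(i, mine[:12], theirs[:12], "ok" if mine == theirs else "MISMATCH")
    print("first divergence at commit", first_divergence(local, remote))
```

Commit 2 has identical content in both histories, yet its ID differs because its parent's ID changed. The comparison relies on the checker already holding the earlier commit IDs; a fresh clone has no local history to compare against.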