1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <bitcoin-list@bluematt.me>) id 1R1gPJ-0000Zi-Lu
for bitcoin-development@lists.sourceforge.net;
Thu, 08 Sep 2011 15:20:49 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of bluematt.me
designates 173.246.101.161 as permitted sender)
client-ip=173.246.101.161;
envelope-from=bitcoin-list@bluematt.me; helo=mail.bluematt.me;
Received: from vps.bluematt.me ([173.246.101.161] helo=mail.bluematt.me)
by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1R1gPI-0001Uq-M9 for bitcoin-development@lists.sourceforge.net;
Thu, 08 Sep 2011 15:20:49 +0000
Received: from [152.23.101.121] (dhcp05455.highsouth-resnet.unc.edu
[152.23.101.121])
by mail.bluematt.me (Postfix) with ESMTPSA id 2CA06EBC
for <bitcoin-development@lists.sourceforge.net>;
Thu, 8 Sep 2011 17:20:08 +0200 (CEST)
From: Matt Corallo <bitcoin-list@bluematt.me>
To: bitcoin-development@lists.sourceforge.net
In-Reply-To: <CAK5y1FhQLWXtqHfB3HymOkZ-5LdTqdEkX8bM=nOGhFeZrOPwgA@mail.gmail.com>
References: <CAK5y1FhQLWXtqHfB3HymOkZ-5LdTqdEkX8bM=nOGhFeZrOPwgA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 08 Sep 2011 11:20:42 -0400
Message-ID: <1315495242.2795.4.camel@BMThinkPad.lan.bluematt.me>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.2
Content-Transfer-Encoding: 7bit
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
-0.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain 0.4 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1R1gPI-0001Uq-M9
Subject: Re: [Bitcoin-development] Alert System
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2011 15:20:49 -0000
On Thu, 2011-09-08 at 07:42 -0700, David Perry wrote:
> There has been some discussion on the new Bitcoin StackExchange site
> lately about the alert protocol. A few have suggested that it might
> carry the potential for abuse (spam/DoS) and others have argued that
> it's merely deprecated. In any case, enough have voiced concerns that
> I've forked bitcoin/bitcoin, removed the snippet of code from main.cpp
> that makes the questionable call and submitted a pull request. On that
> pull request it was noted by Gavin Andresen that it merited discussion
> here and some kind of consensus should be reached before acting on
> that pull request. It was also mentioned that he thought the feature
> was still more useful than dangerous and that he would argue against.
>
>
> So I pose the question to you fine fellows: Is the alert system
> valuable, an unnecessary risk or merely a snippet of deprecated code?
> Should it be removed?
The alert system requires a signature verification when it receives an
alert, but so do blocks and transactions so it really isn't a DoS target
(remember that the alert system requires alerts to be signed by a key
that only gavin and satoshi have).
The alert system could prove very, very valuable. In much software it
carries the risk for abuse or simply seems wrong that the developers can
send a message to everyone's computer to notify them of something, but
keep in mind that Bitcoin is financial software. If there is an urgent
problem (like the overflow bug) there must be a way to notify people to
upgrade immediately, which is exactly what alerts provide. Since alerts
no longer carry the ability to put Bitcoin into RPC safe-mode, they are
literally just a message and I see no reason why they should be removed.
|