summaryrefslogtreecommitdiff
path: root/96/1eee574d536ef016cecd53bc168cf21b4733b6
blob: 790b2c4e7e00178b97b542f814e1ed2cc68c7166 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
Delivery-date: Sun, 21 Jul 2024 11:03:59 -0700
Received: from mail-yb1-f185.google.com ([209.85.219.185])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBC3PT7FYWAMRBB436W2AMGQEUKGFXPY@googlegroups.com>)
	id 1sVauc-00027w-To
	for bitcoindev@gnusha.org; Sun, 21 Jul 2024 11:03:59 -0700
Received: by mail-yb1-f185.google.com with SMTP id 3f1490d57ef6-e087b1cdcd4sf3009089276.3
        for <bitcoindev@gnusha.org>; Sun, 21 Jul 2024 11:03:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1721585033; x=1722189833; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=EXyY0a+Kwcfpfubtm+B8+FVb6ZfQEkYo/sLKr6FvS48=;
        b=UzTcfCxQqNNk8IOHvaZJJv7EiVNgZ37EZsO1XCLu07VnIyv/9a44B3E9NHCo4SN+CO
         6faSLIsqtsTKKrrDkqYfdtcyunkm/qMwP7bGDIUYL+dsahpxS7q9eTdH2eRRvN9q166G
         y6ncPqPlLIOtECR22f9vitkPn+coDejq2Kxz83yV2xGvTCNM4zpTGi/AfTrq9qoufC2n
         nEI6dBhqgKsgkh3x63sQgFGI+6P5Am4v+b4hRJkic7Wa3iAVbDQZGvkcRdM6q45pyQuY
         cC7J5kTJHGqgrK976G470GpgLR5pPkpSZxnZmlxdJ/MgUYVJPrtquNylE9Q0MEKgNo0a
         HsiQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1721585033; x=1722189833; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:from:to:cc
         :subject:date:message-id:reply-to;
        bh=EXyY0a+Kwcfpfubtm+B8+FVb6ZfQEkYo/sLKr6FvS48=;
        b=OGQqyfrl5aSNGrUrZUbBU20DwXCXueaGpLj7j1HpEQ4PChUNWZcoDUYwMhBS5ScbVY
         qEAR8Iy4vpCuPmuDauYkAgAB+pQxWYQDKjz8Nj0sBdDKjDEHiZNsHsXoUlfsqDkAt0Kk
         cjnrzKWwKTk7OPSYkN6+iUbfnZPNyD9jFbktwNCURj50rWMn04ZhXN0Kv/Eaw3d+EY1b
         xvjRfGeuYE8S8SQSqr0oWo/KHjHS6iY6WciXA1n2ndaUwNfyxgMrmUWakSxfxtdZ5pp0
         S6b4wDhEe/r+KLZ03vlkEiGFt8UeF4rgh3LQs46vHN01/284h0x9uPygV4wIk9YhClel
         jrdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1721585033; x=1722189833;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:x-beenthere
         :x-gm-message-state:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=EXyY0a+Kwcfpfubtm+B8+FVb6ZfQEkYo/sLKr6FvS48=;
        b=enP2HTxP8rDg0AWwo+YUXq95cNvDJg4vDYFuokLH/fYGKVfdejbnLcE7wrehanEhzc
         WLFFTez7PvCqbhFJ2+ZlgYiktKSdCRUZwGXv4L+lEGPVOU5tK8mYR3O4pT+vE3jCNy4c
         dmHKCszcBf5QbOaqbbdE4LjL2tLMNIug8lZjc1OZGPF9EIVao7FKu7wVaNbpJ2eTTQtX
         RX6IxQ69QKCEr+TTnoRjLR1q7bY/RKvwtWB6gAbGfOkigfhwSSyv9ELeP4zV6uzLOFwB
         gpHg4TBGA24LA/ePX2fTKi7OUgqeqRhVqKhQ8KxZKtYkASCx13MeonGLli2w02scm4g7
         dviw==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVaPoRamFk6MJBbt1DBZ7pWSfJ1msp6v6zWCPovc0iA4mXTA82NrVkVk4d+qesUkiAk6MwJMNgeqZJhSouJMjece5qus80=
X-Gm-Message-State: AOJu0YypGPMDHMP0AS8NOZDQg0oRm34z6B9/w2rDm6wQTn9MhTZ0EUe2
	ZRRwtCgd+yRBAt4YHYtphtLNtYKRrrGxKuag+FzKncEqx8gKWyHk
X-Google-Smtp-Source: AGHT+IHvlIMpEQqp7P7s2KOTH0TwHK4hI2kNFccGkcU1dOF4FcHIRUPvn8gKiSlqYaAmdrVf0xChKw==
X-Received: by 2002:a05:6902:138e:b0:e08:90da:403 with SMTP id 3f1490d57ef6-e0890da25a3mr2831596276.51.1721585032626;
        Sun, 21 Jul 2024 11:03:52 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a25:e0ce:0:b0:e03:aded:7d3a with SMTP id 3f1490d57ef6-e05fdb738f8ls3002542276.1.-pod-prod-06-us;
 Sun, 21 Jul 2024 11:03:51 -0700 (PDT)
X-Received: by 2002:a05:690c:93:b0:630:e8a:8a15 with SMTP id 00721157ae682-66a6460f80amr5276277b3.0.1721585030862;
        Sun, 21 Jul 2024 11:03:50 -0700 (PDT)
Received: by 2002:a05:690c:2e0a:b0:64a:6fb4:b878 with SMTP id 00721157ae682-669195b3414ms7b3;
        Sat, 20 Jul 2024 19:06:50 -0700 (PDT)
X-Received: by 2002:a05:690c:d84:b0:62f:f535:f41 with SMTP id 00721157ae682-66a65d6ed69mr2590467b3.9.1721527610038;
        Sat, 20 Jul 2024 19:06:50 -0700 (PDT)
Date: Sat, 20 Jul 2024 19:06:49 -0700 (PDT)
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn@googlegroups.com>
In-Reply-To: <4f7eddff-9e2d-4beb-bcc6-832584cb939d@achow101.com>
References: <Zpk7EYgmlgPP3Y9D@petertodd.org>
 <18fc443d-c347-4a84-94fe-81308ae20b76n@googlegroups.com>
 <Zpm73WHBNIkkIT0Y@petertodd.org>
 <CALZpt+HJvBXM_geK7JC8umrt1goq8bc+pnY0mk+o+r_+bjrtew@mail.gmail.com>
 <Zpp6U00Mp7Z/bOej@petertodd.org>
 <4d950527-4430-49f2-8e38-3755bc58e301n@googlegroups.com>
 <4f7eddff-9e2d-4beb-bcc6-832584cb939d@achow101.com>
Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The
 Lack of Full-RBF In Core
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_505100_957556592.1721527609826"
X-Original-Sender: antoine.riard@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)

------=_Part_505100_957556592.1721527609826
Content-Type: multipart/alternative; 
	boundary="----=_Part_505101_1890754589.1721527609826"

------=_Part_505101_1890754589.1721527609826
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Ava,

Thanks for the answer and the additional information.

I think this is unclear to me if Peter himself was part of the discussion
amongst several members of the security list on re-examining if their=20
presence
and the ones of others was still worthy on the list, be it online or=20
offline.

I fully understrand this is a kind of conversation which certainly does not
warrant to be public, and I mostly agree with that. Yet I believe it's=20
ethically
bordeline to not invite someome to express its own viewpoint in asking to b=
e
removal of its own access, especially in a project that aims to be=20
decentralized
and a technnical meritocracy (-- I believe an ideal we aspire all).

Beyond, and forgive the expression if it's a bit rude, I believe it's a bit=
=20
"naive",
"short-sighted" as a position of the members of the security list, with=20
whatever
level of true consensus such removal has being done (-- and I'm not aware=
=20
there
was operational security emergency that justified such removal).

"Naive", as saying this is the _Bitcoin Core_ project list only can only=20
provoke blind
spot among the list members if the security issues are either affecting old=
=20
part of
the codebases that younger members have less experiences with (some parts=
=20
like consensus
or block-relay are modified only every 5 years) or novel factors from=20
upstream or downstream
(e.g the internet networking stack or implications on deployed contract=20
protocols like
lightning). On both the former and latter criterias, I think Peter overly=
=20
meets the bar.

"Short-sighted", as it's making the members of the security list both party=
=20
and arbiter
of appreciating what is an _active_ contributor among themselves (all in a=
=20
very ethically
bordeline fashion). In my experience with lightning over the past years,=20
with discovering
more and more issues which in fact that arises from imperfect interfacting=
=20
with the base-layer,
I was progressively lead to spend more and more time on the core side as it=
=20
was natural to
have things fixed thhere (or at least advocate so). Of course, I was in=20
consequence less active
on the lighting development day-to-day side. Did it make be less competent=
=20
to be responsive when
issues affected lighting ? I don't believe so (though obviously I'll let=20
other lightning experts
corroborate or infirm this self-cogtratulory statement of mine).

Same for Peter, if he had make the choices to consencrate its open-source=
=20
time on more long-term
things like transaction denial-of-service vectors or analyzing new=20
consensus changes proposals
(whatever the long-erm outcome, R&D is a stochastic process -- his track=20
records with things like
bip65 shall give him a positive presumption)

I think as a community to give such cultural margin to do so, even if it's=
=20
as the trade-off of
less review on day-to-day core things with a more reduced global scope like=
=20
the gui or the wallet.

When you've big sh*t hitting the fan like inflation bugs or level DB 2013=
=20
unexpected fork you
prefer have experts with a decade of experience to collaborate with, and=20
sharing the same cultural
and ethical norms of the active contributors evaluated by numbers on=20
commits on the last single-digit
years.

I'll repropose Peter admission on the security list mailing list in the=20
coming weeks by opening an
issue on the bitcoin-meta repository, once this current mailing list thread=
=20
has slowed down a bit,
or at least the technical analysis has been dissociated from the=20
proceedings which have all been
bundle in a big message. In my very personal opinion, I still trust more=20
Peter competence and experience
than some other people I know who are on the security mailing list.

All that said I appreciate your answer and I'm satisfied from the personal=
=20
role you've have played
in the matter with, and be reassured I'll keep you among the recipient of=
=20
future security issues with
a potential impact on bitcoin core that I might find or be aware off.

Best,
Antoine
ots hash: db441b51684ad3a6897f67d42c74ccfcb9a4ffed40d4bdbe30a2edd867ccdd54

Le samedi 20 juillet 2024 =C3=A0 01:50:25 UTC+1, Ava Chow a =C3=A9crit :

> On 07/19/2024 07:58 PM, Antoine Riard wrote:
> > As said in one my previous email, I'm still curious about achow101=20
> > explaining publicly
> > why you have been kicked-out of the bitcoin-security mailing list, when=
=20
> > you were certainly
> > more senior than achow101 in matters of base-layer security issues or=
=20
> > even hard technical
> > issues like consensus interactions (e.g bip65). I'll re-iterate my=20
> > respect towards achow101
> > as a maintainer from years of collaboration, though this is a topic=20
> > worthy of an answer.
>
> I am not the one that removed Peter from the mailing list, nor do I even=
=20
> have the login(s) to do so.
>
> There was a discussion amongst several members of the security list=20
> about who was on the list, and who should be on the list. Given that the=
=20
> security list is the _Bitcoin Core_ security list, we determined that=20
> the people who should be on the list are people who still actively=20
> contribute to the project. As Peter Todd no longer actively contribute=20
> code nor code review to the project, we decided that it didn't make=20
> sense to continue to have him on the list.
>
> My recollection is that multiple other people were removed from the list=
=20
> for the same reason at the same time.
>
> Ava
>
>

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/=
bitcoindev/2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn%40googlegroups.com.

------=_Part_505101_1890754589.1721527609826
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Ava,<br /><br />Thanks for the answer and the additional information.<br=
 /><br />I think this is unclear to me if Peter himself was part of the dis=
cussion<br />amongst several members of the security list on re-examining i=
f their presence<br />and the ones of others was still worthy on the list, =
be it online or offline.<br /><br />I fully understrand this is a kind of c=
onversation which certainly does not<br />warrant to be public, and I mostl=
y agree with that. Yet I believe it's ethically<br />bordeline to not invit=
e someome to express its own viewpoint in asking to be<br />removal of its =
own access, especially in a project that aims to be decentralized<br />and =
a technnical meritocracy (-- I believe an ideal we aspire all).<br /><br />=
Beyond, and forgive the expression if it's a bit rude, I believe it's a bit=
 "naive",<br />"short-sighted" as a position of the members of the security=
 list, with whatever<br />level of true consensus such removal has being do=
ne (-- and I'm not aware there<br />was operational security emergency that=
 justified such removal).<br /><br />"Naive", as saying this is the _Bitcoi=
n Core_ project list only can only provoke blind<br />spot among the list m=
embers if the security issues are either affecting old part of<br />the cod=
ebases that younger members have less experiences with (some parts like con=
sensus<br />or block-relay are modified only every 5 years) or novel factor=
s from upstream or downstream<br />(e.g the internet networking stack or im=
plications on deployed contract protocols like<br />lightning). On both the=
 former and latter criterias, I think Peter overly meets the bar.<br /><br =
/>"Short-sighted", as it's making the members of the security list both par=
ty and arbiter<br />of appreciating what is an _active_ contributor among t=
hemselves (all in a very ethically<br />bordeline fashion). In my experienc=
e with lightning over the past years, with discovering<br />more and more i=
ssues which in fact that arises from imperfect interfacting with the base-l=
ayer,<br />I was progressively lead to spend more and more time on the core=
 side as it was natural to<br />have things fixed thhere (or at least advoc=
ate so). Of course, I was in consequence less active<br />on the lighting d=
evelopment day-to-day side. Did it make be less competent to be responsive =
when<br />issues affected lighting ? I don't believe so (though obviously I=
'll let other lightning experts<br />corroborate or infirm this self-cogtra=
tulory statement of mine).<br /><br />Same for Peter, if he had make the ch=
oices to consencrate its open-source time on more long-term<br />things lik=
e transaction denial-of-service vectors or analyzing new consensus changes =
proposals<br />(whatever the long-erm outcome, R&amp;D is a stochastic proc=
ess -- his track records with things like<br />bip65 shall give him a posit=
ive presumption)<br /><br />I think as a community to give such cultural ma=
rgin to do so, even if it's as the trade-off of<br />less review on day-to-=
day core things with a more reduced global scope like the gui or the wallet=
.<br /><br />When you've big sh*t hitting the fan like inflation bugs or le=
vel DB 2013 unexpected fork you<br />prefer have experts with a decade of e=
xperience to collaborate with, and sharing the same cultural<br />and ethic=
al norms of the active contributors evaluated by numbers on commits on the =
last single-digit<br />years.<br /><br />I'll repropose Peter admission on =
the security list mailing list in the coming weeks by opening an<br />issue=
 on the bitcoin-meta repository, once this current mailing list thread has =
slowed down a bit,<br />or at least the technical analysis has been dissoci=
ated from the proceedings which have all been<br />bundle in a big message.=
 In my very personal opinion, I still trust more Peter competence and exper=
ience<br />than some other people I know who are on the security mailing li=
st.<br /><br />All that said I appreciate your answer and I'm satisfied fro=
m the personal role you've have played<br />in the matter with, and be reas=
sured I'll keep you among the recipient of future security issues with<br /=
>a potential impact on bitcoin core that I might find or be aware off.<br /=
><br />Best,<br />Antoine<br />ots hash: db441b51684ad3a6897f67d42c74ccfcb9=
a4ffed40d4bdbe30a2edd867ccdd54<br /><br /><div class=3D"gmail_quote"><div d=
ir=3D"auto" class=3D"gmail_attr">Le samedi 20 juillet 2024 =C3=A0 01:50:25 =
UTC+1, Ava Chow a =C3=A9crit=C2=A0:<br/></div><blockquote class=3D"gmail_qu=
ote" style=3D"margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204=
); padding-left: 1ex;">On 07/19/2024 07:58 PM, Antoine Riard wrote:
<br>&gt; As said in one my previous email, I&#39;m still curious about acho=
w101=20
<br>&gt; explaining publicly
<br>&gt; why you have been kicked-out of the bitcoin-security mailing list,=
 when=20
<br>&gt; you were certainly
<br>&gt; more senior than achow101 in matters of base-layer security issues=
 or=20
<br>&gt; even hard technical
<br>&gt; issues like consensus interactions (e.g bip65). I&#39;ll re-iterat=
e my=20
<br>&gt; respect towards achow101
<br>&gt; as a maintainer from years of collaboration, though this is a topi=
c=20
<br>&gt; worthy of an answer.
<br>
<br>I am not the one that removed Peter from the mailing list, nor do I eve=
n=20
<br>have the login(s) to do so.
<br>
<br>There was a discussion amongst several members of the security list=20
<br>about who was on the list, and who should be on the list. Given that th=
e=20
<br>security list is the _Bitcoin Core_ security list, we determined that=
=20
<br>the people who should be on the list are people who still actively=20
<br>contribute to the project. As Peter Todd no longer actively contribute=
=20
<br>code nor code review to the project, we decided that it didn&#39;t make=
=20
<br>sense to continue to have him on the list.
<br>
<br>My recollection is that multiple other people were removed from the lis=
t=20
<br>for the same reason at the same time.
<br>
<br>Ava
<br>
<br></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href=3D"https://groups.google.c=
om/d/msgid/bitcoindev/2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn%40googlegroups.=
com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msg=
id/bitcoindev/2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn%40googlegroups.com</a>.=
<br />

------=_Part_505101_1890754589.1721527609826--

------=_Part_505100_957556592.1721527609826--