Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 9BFC795D for ; Tue, 12 Sep 2017 16:10:24 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg0-f42.google.com (mail-pg0-f42.google.com [74.125.83.42]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A7E4D467 for ; Tue, 12 Sep 2017 16:10:23 +0000 (UTC) Received: by mail-pg0-f42.google.com with SMTP id u18so5505382pgo.0 for ; Tue, 12 Sep 2017 09:10:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitcartel-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=8hQVg6XeWjra2mX+51NWelGSzORLoHfspUEEpYmlA6s=; b=dxVyUw9LK0qyDAHfw5JbEwNWooXdKLrwttF6gYWC6xqsphAfcLobF6sFGzJTM9GcxZ Z6z3xjkUTqApD8cU75fJGEd6ZuoHhX8VdGgVkpF0b3+fj84x7EF2b0XAz01d9IR2E9vM fZjxIxf0rGsRfjxM2YGOmTDBeqcNVc06Jwf4sbntoV7PJrBTtqQsyqj/PJrMYFxWQowu cevjwS+pg57NPK3mek3cAdlwbjCTXBKjspeU43xhWh+uLvqZ6nflYjgXwxiwugDxYa6S 5U10BQDokzicHXrO6nj+uqEgl44rkapK0w6AcbCuplv4Rf70a7Vr+5TRN1mZkEK8qBUt yOHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=8hQVg6XeWjra2mX+51NWelGSzORLoHfspUEEpYmlA6s=; b=GkzaTXQloOakzHNzkC/IroZGPcDcLMxD+Twt4SDPpcDLrkb6G+Mz9VB2EnV5ro7aDB HWyp0Dy917CTBDOR0kPA4xLyC/8E72ZTe1XXdah6RZWc1X+X5KELP22vaqhsgE8AegYY ilsk2wgbg5bCNsE/QEglX5DR3/QLkoiGwKmT3MVMdYkFrNdDgqY+fd98qLoJkzObOTsj ++rlV5QF8FNqxrrcUyeGw8zoe7tG1fjiJeo5yGuwVhr5Dt4cM01hQeM7tMO2kHNbwek4 1FWi/nLezHw09mWeeMYGU2awKke2EOl7or+n8KmtFUOLBMUJu4vycEzhYOhRdyj2+rg1 FZOg== X-Gm-Message-State: AHPjjUg3Vjb5L/SXf5d82pPd7Fe5p5QawUWLZ+DtB/0RCBCIT8/zKX/3 sxsAx0nL25+MHXWT X-Google-Smtp-Source: ADKCNb6Shlmz9KoSGYg8Xo6wISdd8ApgIMo5jAS5buqaAdXUXzjhD8QpJOOjU7qpZH6ovrqouZnY2g== X-Received: by 10.98.155.220 with SMTP id e89mr16090953pfk.120.1505232623144; Tue, 12 Sep 2017 09:10:23 -0700 (PDT) Received: from [192.168.1.38] (c-107-3-134-127.hsd1.ca.comcast.net. [107.3.134.127]) by smtp.googlemail.com with ESMTPSA id o19sm19413468pgn.76.2017.09.12.09.10.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Sep 2017 09:10:19 -0700 (PDT) To: Sergio Demian Lerner , Bitcoin Protocol Discussion , Anthony Towns References: <3e4541f3-f65c-5199-5e85-9a65ea5142e7@bitcartel.com> <20170911021506.GA19080@erisian.com.au> <20170912033703.GD19080@erisian.com.au> From: Simon Liu Message-ID: Date: Tue, 12 Sep 2017 09:10:18 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 12 Sep 2017 16:14:32 +0000 Subject: Re: [bitcoin-dev] Responsible disclosure of bugs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Sep 2017 16:10:24 -0000 It would be a good starting point if the current policy could be clarified, so everyone is on the same page, and there is no confusion. On 09/11/2017 09:49 PM, Sergio Demian Lerner via bitcoin-dev wrote: > Historically people have published vulnerabilities in Bitcoin only after >>80% of the nodes have upgraded. This seems to be the general (but not > publicly stated) policy. If you're a core developer and you know better, > please correct me. >