Matt Corallo [ARCHIVE] on Nostr: 📅 Original date posted:2011-09-08 🗒️ Summary of this message: The Bitcoin ...
📅 Original date posted:2011-09-08
🗒️ Summary of this message: The Bitcoin alert system has been questioned for its potential for abuse, but it is valuable for urgent notifications and not a DoS target.
📝 Original message:On Thu, 2011-09-08 at 07:42 -0700, David Perry wrote:
> There has been some discussion on the new Bitcoin StackExchange site
> lately about the alert protocol. A few have suggested that it might
> carry the potential for abuse (spam/DoS) and others have argued that
> it's merely deprecated. In any case, enough have voiced concerns that
> I've forked bitcoin/bitcoin, removed the snippet of code from main.cpp
> that makes the questionable call and submitted a pull request. On that
> pull request it was noted by Gavin Andresen that it merited discussion
> here and some kind of consensus should be reached before acting on
> that pull request. It was also mentioned that he thought the feature
> was still more useful than dangerous and that he would argue against.
>
>
> So I pose the question to you fine fellows: Is the alert system
> valuable, an unnecessary risk or merely a snippet of deprecated code?
> Should it be removed?
The alert system requires a signature verification when it receives an
alert, but so do blocks and transactions so it really isn't a DoS target
(remember that the alert system requires alerts to be signed by a key
that only gavin and satoshi have).
The alert system could prove very, very valuable. In much software it
carries the risk for abuse or simply seems wrong that the developers can
send a message to everyone's computer to notify them of something, but
keep in mind that Bitcoin is financial software. If there is an urgent
problem (like the overflow bug) there must be a way to notify people to
upgrade immediately, which is exactly what alerts provide. Since alerts
no longer carry the ability to put Bitcoin into RPC safe-mode, they are
literally just a message and I see no reason why they should be removed.
🗒️ Summary of this message: The Bitcoin alert system has been questioned for its potential for abuse, but it is valuable for urgent notifications and not a DoS target.
📝 Original message:On Thu, 2011-09-08 at 07:42 -0700, David Perry wrote:
> There has been some discussion on the new Bitcoin StackExchange site
> lately about the alert protocol. A few have suggested that it might
> carry the potential for abuse (spam/DoS) and others have argued that
> it's merely deprecated. In any case, enough have voiced concerns that
> I've forked bitcoin/bitcoin, removed the snippet of code from main.cpp
> that makes the questionable call and submitted a pull request. On that
> pull request it was noted by Gavin Andresen that it merited discussion
> here and some kind of consensus should be reached before acting on
> that pull request. It was also mentioned that he thought the feature
> was still more useful than dangerous and that he would argue against.
>
>
> So I pose the question to you fine fellows: Is the alert system
> valuable, an unnecessary risk or merely a snippet of deprecated code?
> Should it be removed?
The alert system requires a signature verification when it receives an
alert, but so do blocks and transactions so it really isn't a DoS target
(remember that the alert system requires alerts to be signed by a key
that only gavin and satoshi have).
The alert system could prove very, very valuable. In much software it
carries the risk for abuse or simply seems wrong that the developers can
send a message to everyone's computer to notify them of something, but
keep in mind that Bitcoin is financial software. If there is an urgent
problem (like the overflow bug) there must be a way to notify people to
upgrade immediately, which is exactly what alerts provide. Since alerts
no longer carry the ability to put Bitcoin into RPC safe-mode, they are
literally just a message and I see no reason why they should be removed.