John Dillon [ARCHIVE] on Nostr: π Original date posted:2013-04-19 π Original message:I understand that Gavin ...
π
Original date posted:2013-04-19
π Original message:I understand that Gavin has spent effort on security efforts against
small-scale attackers. It's the fact that he is so dismissive of the
threat that large attackers play that is what bothers me. But if I am
being divisive I understand.
I posted a clarification of what the reward is for exactly on the
forums: https://bitcointalk.org/index.php?topic=179612.msg1881800#msg1881800
On Thu, Apr 18, 2013 at 8:14 AM, Peter Todd <pete at petertodd.org> wrote:
> On Thu, Apr 18, 2013 at 06:07:23AM +0000, John Dillon wrote:
>> Gavin do you actually agree with Mike on this stuff like he implies?
>> Because if you do, I think people should know. Myself I wouldn't want
>> to be contributing to your salary as a foundation member if you don't
>> take Bitcoin security seriously.
>
> FWIW Gavin has spent quite a bit of time and effort ensuring that
> Bitcoin is resistent to DoS attacks, as well as spearheading a move
> towards better testing. The latter in particular is helpful against
> chain-forking bugs, so better testing is very much a security issue. He
> also spearheaded P2SH, and the current efforts to get a payment protocol
> implemented. I'm less convinced about his stance against attackers that
> pose a threat to the system as a whole, but it's not fair to accuse him
> of not taking security seriously.
>
>> Strict replacement by fee should be written so it can be tested
>> properly and people in the Bitcoin ecosystem use proper security
>> practices with regard to unconfirmed transactions. I'm willing to
>> pledge $500USD to anyone who implements it. That is write the core
>> functionality that does replacement by fee, and a simple 'undo' RPC
>> command. I would do it myself but my programming is rusty.
>
> You should clarify if you want this patch to compute fees recursively or
> not, IE, should the patch include fees paid by child transactions in how
> it computes the total fee the transaction pays. Doing this is
> non-trivial, although Luke-Jr has written a patch to do this without
> replacement: https://github.com/bitcoin/bitcoin/pull/1647
>
> Also, clarify if you want unit-tests and similar things included in the
> implementation.
>
> --
> 'peter'[:-1]@petertodd.org
π Original message:I understand that Gavin has spent effort on security efforts against
small-scale attackers. It's the fact that he is so dismissive of the
threat that large attackers play that is what bothers me. But if I am
being divisive I understand.
I posted a clarification of what the reward is for exactly on the
forums: https://bitcointalk.org/index.php?topic=179612.msg1881800#msg1881800
On Thu, Apr 18, 2013 at 8:14 AM, Peter Todd <pete at petertodd.org> wrote:
> On Thu, Apr 18, 2013 at 06:07:23AM +0000, John Dillon wrote:
>> Gavin do you actually agree with Mike on this stuff like he implies?
>> Because if you do, I think people should know. Myself I wouldn't want
>> to be contributing to your salary as a foundation member if you don't
>> take Bitcoin security seriously.
>
> FWIW Gavin has spent quite a bit of time and effort ensuring that
> Bitcoin is resistent to DoS attacks, as well as spearheading a move
> towards better testing. The latter in particular is helpful against
> chain-forking bugs, so better testing is very much a security issue. He
> also spearheaded P2SH, and the current efforts to get a payment protocol
> implemented. I'm less convinced about his stance against attackers that
> pose a threat to the system as a whole, but it's not fair to accuse him
> of not taking security seriously.
>
>> Strict replacement by fee should be written so it can be tested
>> properly and people in the Bitcoin ecosystem use proper security
>> practices with regard to unconfirmed transactions. I'm willing to
>> pledge $500USD to anyone who implements it. That is write the core
>> functionality that does replacement by fee, and a simple 'undo' RPC
>> command. I would do it myself but my programming is rusty.
>
> You should clarify if you want this patch to compute fees recursively or
> not, IE, should the patch include fees paid by child transactions in how
> it computes the total fee the transaction pays. Doing this is
> non-trivial, although Luke-Jr has written a patch to do this without
> replacement: https://github.com/bitcoin/bitcoin/pull/1647
>
> Also, clarify if you want unit-tests and similar things included in the
> implementation.
>
> --
> 'peter'[:-1]@petertodd.org