Arto Bendiken [ARCHIVE] on Nostr
📅 Original date posted: 2013-10-04
📝 Original message:
On Fri, Oct 4, 2013 at 1:35 PM, Peter Todd <pete at petertodd.org> wrote:
> The second caveat is more specific to Bitcoin: people tend to rebase
> their pull-requests over and over again until they are accepted, but
> that also means that code review done earlier doesn't apply to the later
> code pushed. Bitcoin is a particularly high profile, and high profit,
> target for people trying to get malicious code into the codebase.

On that note, this 2003 example of an attempt to backdoor the Linux
kernel is pertinent:

http://lwn.net/Articles/57135/

The backdoor in question came down to a single missing character,
easily overlooked by a reviewer if a spotlight hadn't been thrown on
it for other reasons. Compromising a Bitcoin implementation isn't
going to be as easy as that, one would hope, but certainly it seems
only a matter of time until there's an attempt at it.

Following these code review discussions with much interest.

--
Arto Bendiken | @bendiken | http://ar.to/
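
An added illustration, not part of the original message and not code from the Linux kernel: the kind of one-character slip the message describes (a `=` where `==` belongs), shown in a simplified user-space model beside the intended form. The struct, flag names and function names are hypothetical.

```c
/* Simplified user-space model, constructed for illustration; not kernel code. */
#include <stdio.h>

#define OPT_A 0x1u   /* hypothetical flag bits */
#define OPT_B 0x2u

struct task { unsigned uid; };   /* uid 0 = superuser in this model */

/* Flawed: "=" where "==" was meant. It reads like an input check, but it
 * assigns 0 to uid. The extra parentheses around the assignment also
 * silence the compiler's assignment-used-as-condition warning, and the
 * branch is never taken (the assignment evaluates to 0), so no caller
 * ever sees an error. */
int wait_flawed(struct task *t, unsigned options)
{
    if ((options == (OPT_A | OPT_B)) && (t->uid = 0))
        return -1;
    return 0;
}

/* Intended form: a pure comparison with no side effect. */
int wait_fixed(struct task *t, unsigned options)
{
    if ((options == (OPT_A | OPT_B)) && (t->uid == 0))
        return -1;
    return 0;
}

/* Run one variant as an unprivileged caller and report the uid afterwards. */
unsigned uid_after(int (*fn)(struct task *, unsigned), unsigned options)
{
    struct task t = { 1000 };
    fn(&t, options);
    return t.uid;
}

int main(void)
{
    printf("flawed, one flag:   uid=%u\n", uid_after(wait_flawed, OPT_A));
    printf("flawed, both flags: uid=%u\n", uid_after(wait_flawed, OPT_A | OPT_B));
    printf("fixed,  both flags: uid=%u\n", uid_after(wait_fixed, OPT_A | OPT_B));
    return 0;
}
```

Both variants return the same value for every input, so a test that checks only return codes passes either way; a review or test has to look at the state left behind.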