Drak [ARCHIVE] on Nostr: 📅 Original date posted:2014-08-23 📝 Original message:On 23 August 2014 12:38, ...
📅 Original date posted:2014-08-23
📝 Original message:On 23 August 2014 12:38, Pieter Wuille <pieter.wuille at gmail.com> wrote:
> That allows using github as easy-access mechanism for people to
> contribute and inspect, while having a higher security standard for
> the actual changes done to master.
I'd also like to point out the obvious: git uses the previous hash as part
of the formula to generate the current commit hash thus tampering with
history while possible would be instantly noticed because we all have
copies of the repository. Tampering would be completely evident (pushes
would fail for a start, and even simple merges would bork). It's just not
possible to tamper with the repository without it being discovered, even
with collusion (or strong arming) of github.
The social benefits of github make it idea for open source projects that
want community participation. The barrier to entry is low. The only "weak"
spot of github is the releases section, but since we don't actually
distribute Bitcoin from github the point is moot.
I think github haters fail to see the vast benefits of a social hub like
github. Their issue tracker may not be as sophisticated, it serves well and
the project is extremely productive.
Don't shoot yourself in the foot - a move away from github would be a
disaster for the project.
When you look at the attack surface of using github, it's pretty small and
would not go unnoticed, thus nullifying concern.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140823/de3856a5/attachment.html>
📝 Original message:On 23 August 2014 12:38, Pieter Wuille <pieter.wuille at gmail.com> wrote:
> That allows using github as easy-access mechanism for people to
> contribute and inspect, while having a higher security standard for
> the actual changes done to master.
I'd also like to point out the obvious: git uses the previous hash as part
of the formula to generate the current commit hash thus tampering with
history while possible would be instantly noticed because we all have
copies of the repository. Tampering would be completely evident (pushes
would fail for a start, and even simple merges would bork). It's just not
possible to tamper with the repository without it being discovered, even
with collusion (or strong arming) of github.
The social benefits of github make it idea for open source projects that
want community participation. The barrier to entry is low. The only "weak"
spot of github is the releases section, but since we don't actually
distribute Bitcoin from github the point is moot.
I think github haters fail to see the vast benefits of a social hub like
github. Their issue tracker may not be as sophisticated, it serves well and
the project is extremely productive.
Don't shoot yourself in the foot - a move away from github would be a
disaster for the project.
When you look at the attack surface of using github, it's pretty small and
would not go unnoticed, thus nullifying concern.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140823/de3856a5/attachment.html>