Bitcoin Institute

Implementation bug prior to 0.3.6

8 messages BitcoinTalk Unknown, knightmb, Jeff Garzik, Satoshi Nakamoto, jimbobway, lachesis July 29, 2010 — July 30, 2010
Unknown July 29, 2010 20:03 UTC Source ·

adg

knightmb July 29, 2010 20:13 UTC Source ·

Since we mostly communicate by forum here, the closest would be a member group that has access to a special forum here just for that issue that the public can’t normally see. I’m fairly certain the simple machines forum supports that feature?

knightmb July 29, 2010 20:19 UTC Source ·

[Deleted] Quote from: davidonpda on July 29, 2010, 08:17:31 PM

I’d support the idea. More trusted members and programmers could post security risks or exploits. Maybe the better way is just to message the developer if they are discovered.

Both can work, but a members forum would help to keep out the noise; otherwise everyone will end up messaging the lead developer with every possible thing they here in the news and end up taking his/her time to filter it out on whether it’s really a risk or not.

Jeff Garzik (jgarzik) July 29, 2010 20:22 UTC Source ·

BTW, an important feature of these mailing lists is that anyone can post… but only the “vendor security” group can read the posts.

Thus, it is easy for an outsider with a real security issue to provide detailed information to vendor-sec@myopensourceproject.org, while preventing unscrupulous people from reading the sensitive information.

I suppose a PM to , plus discussion on a closed forum, is the best this forum software can handle.

Satoshi Nakamoto July 29, 2010 22:04 UTC Source ·

Actually, it works well to just PM me.  I’m the one who’s going to be fixing it.  If you find a security flaw, I would definitely like to hear from you privately to fix it before it goes public.

jimbobway July 29, 2010 22:59 UTC Source ·
Quote from: satoshi on July 29, 2010, 10:04:15 PM UTC

Actually, it works well to just PM me. I’m the one who’s going to be fixing it. If you find a security flaw, I would definitely like to hear from you privately to fix it before it goes public.

Suppose, god forbid, you were no longer able to program or were unavailable due to unknown circumstances. Do you have a procedure in mind to continue bitcoin in your absence?

Jeff Garzik (jgarzik) July 29, 2010 23:03 UTC Source ·
Quote from: jimbobway on July 29, 2010, 10:59:48 PM UTC

Suppose, god forbid, you were no longer able to program or were unavailable due to unknown circumstances. Do you have a procedure in mind to continue bitcoin in your absence?

It’s called open source 😊 The community is already guaranteed to continue.

lachesis July 30, 2010 01:01 UTC Source ·
Quote from: Jeff Garzik on July 29, 2010, 11:03:33 PM UTC

It’s called open source The community is already guaranteed to continue.

It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi’s absence.