📅 Original date posted:2014-08-23
📝 Original message:On 23 August 2014 12:38, Pieter Wuille <pieter.wuille at gmail.com> wrote:
> That allows using github as easy-access mechanism for people to
> contribute and inspect, while having a higher security standard for
> the actual changes done to master.
I'd also like to point out the obvious: git uses the previous hash as part
of the formula to generate the current commit hash thus tampering with
history while possible would be instantly noticed because we all have
copies of the repository. Tampering would be completely evident (pushes
would fail for a start, and even simple merges would bork). It's just not
possible to tamper with the repository without it being discovered, even
with collusion (or strong arming) of github.
The social benefits of github make it idea for open source projects that
want community participation. The barrier to entry is low. The only "weak"
spot of github is the releases section, but since we don't actually
distribute Bitcoin from github the point is moot.
I think github haters fail to see the vast benefits of a social hub like
github. Their issue tracker may not be as sophisticated, it serves well and
the project is extremely productive.
Don't shoot yourself in the foot - a move away from github would be a
disaster for the project.
When you look at the attack surface of using github, it's pretty small and
would not go unnoticed, thus nullifying concern.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140823/de3856a5/attachment.html>;
Drak [ARCHIVE] /
npub12r…3aqxc
2023-06-07 17:25:32
in reply to nevent1q…2tum
Author Public Key
npub12rkw0jajmsck4uwdtksdvtswrlkypusfryjzera7m4fhqta6jhdsz3aqxcPublished at
2023-06-07 17:25:32Event JSON
{
"id": "bb3868c671204f607e2f1ca0d2b17c5f29c15e17970cd6e0fb26fbc292de38f3",
"pubkey": "50ece7cbb2dc316af1cd5da0d62e0e1fec40f20919242c8fbedd53702fba95db",
"created_at": 1686151532,
"kind": 1,
"tags": [
[
"e",
"c005f45b1cb77392a2804d02a4c758eb9ca30d9af3fd9e762780478d5aeddb7a",
"",
"root"
],
[
"e",
"c7f5e3bb733a813e5cb7ae1885c8ff469a6f76d476215307514eca837b64576f",
"",
"reply"
],
[
"p",
"5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6"
]
],
"content": "📅 Original date posted:2014-08-23\n📝 Original message:On 23 August 2014 12:38, Pieter Wuille \u003cpieter.wuille at gmail.com\u003e wrote:\n\n\u003e That allows using github as easy-access mechanism for people to\n\u003e contribute and inspect, while having a higher security standard for\n\u003e the actual changes done to master.\n\n\nI'd also like to point out the obvious: git uses the previous hash as part\nof the formula to generate the current commit hash thus tampering with\nhistory while possible would be instantly noticed because we all have\ncopies of the repository. Tampering would be completely evident (pushes\nwould fail for a start, and even simple merges would bork). It's just not\npossible to tamper with the repository without it being discovered, even\nwith collusion (or strong arming) of github.\n\nThe social benefits of github make it idea for open source projects that\nwant community participation. The barrier to entry is low. The only \"weak\"\nspot of github is the releases section, but since we don't actually\ndistribute Bitcoin from github the point is moot.\n\nI think github haters fail to see the vast benefits of a social hub like\ngithub. Their issue tracker may not be as sophisticated, it serves well and\nthe project is extremely productive.\n\nDon't shoot yourself in the foot - a move away from github would be a\ndisaster for the project.\n\nWhen you look at the attack surface of using github, it's pretty small and\nwould not go unnoticed, thus nullifying concern.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140823/de3856a5/attachment.html\u003e",
"sig": "dedf14f01beca9407e808571864a41277878e2b60dc6ec0544f017adbac2b6bb4fce3008e63eb9c3a41456c21278b452160e2c2b2d765f808ee22c090071e696"
}