public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: odinn <odinn.cyberguerrilla@riseup.net>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Subject: [bitcoin-dev] Ensuring Users have Safe Software and Version
Date: Tue, 18 Aug 2015 23:48:04 -0700	[thread overview]
Message-ID: <55D426A4.3070006@riseup.net> (raw)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Recently I was re-reading the following (which has been edited
periodically):

https://bitcoin.org/en/alerts

It currently reads, "There is no ongoing event on the Bitcoin network."

However, in reading the most recent alert on that page, we are (it
seems) still affected by the issues discussed relative to the 4th of
July event, namely:

https://bitcoin.org/en/alert/2015-07-04-spv-mining

This originally was formulated in alerts via discussion on bitcoin.org
repository, here:
https://github.com/bitcoin-dot-org/bitcoin.org/pull/933

So anyway.

Getting back to this, how do I ensure that I have a safe version?

Thus far I am still using the guidance here from the bitcoin.org alert
shown above.  For example, for Electrum, bitcoin.org not only directs
users to wait 30 confirmations more than usual, but also directs users
to the following resource:
https://en.bitcoin.it/w/index.php?title=July_2015_chain_forks&redirect=n
o

This brings me to the "safe software and version."  If we understand
this correctly, the safe software and version will be Bitcoin Core at
its most current version.  Thus it is vitally important to provide a
way to ensure that users do not inadvertently be misled into
connecting to a XT node.

However, the information (about the software and version, in banner)
is provided voluntarily by the server administrators and thus isn't
validated.  How to make sure that you are actually connecting to one
who is running Core with the proper version (and not Core with some
very old version, or XT)?

On the bitcoin wiki, it states in part,
"During a fork, it is possible to use the Get Block Header custom
plugin[3] to authoritatively determine which side of the fork an
Electrum server is on."  It refers to this:
https://bitcointalk.org/index.php?topic=1110912.msg11800126

Depending on what wallet people are using, that is, Core, any of the
other wallets... hardware, desktop, web, mobile... there would be
different ways to determine what software is being used to make sure
that you are using Core in the current version (and not inadvertently
using XT for example).  The question is, how would this be done most
easily?

Thanks in advance for your answer(s).
- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJV1CakAAoJEGxwq/inSG8CLPUH/RnCMjGSFrPQc9wvRv9NWPYP
Mr+pzIBpiOXvikYXBT6cm/2AmmKhNmOjAHcdb9VrXPbk5ov/+odlcjGKeyXBc8zr
6+FAhDrnmznL1TEn+DL1UUBQlonNf4MFK8YZBusslFA14lSCSywn9IdubPD3ONzc
4f0uHl6c4wk0yLfmlJPbHevaEY/UdIyxPde2Nw+7IImWpdGJjBUiKTGb7/ZC4hTR
dTWmKNKAiXpCd2om86jbo12WP0rgpv66P2DgeetPzv8/dwWoons3FUJL/+tveFlm
SuTmjZWlDtzPm/56eTXUU64y7bSWYLrdQXxUk8zqzlYL5CJuVJ+1fi8OjwYYZH0=
=4J93
-----END PGP SIGNATURE-----


                 reply	other threads:[~2015-08-19  6:48 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=55D426A4.3070006@riseup.net \
    --to=odinn.cyberguerrilla@riseup.net \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox