From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Sat, 20 Jul 2024 23:16:44 -0700 (PDT)
From: /dev /fd0 <alicexbtong@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <955e7097-ca7a-452a-953f-718aca14cdc6n@googlegroups.com>
In-Reply-To: <ZpvS2haduzUQiojV@petertodd.org>
References: <Zpk7EYgmlgPP3Y9D@petertodd.org>
 <18a5e5a2-92b3-4345-853d-5a63b71d848bn@googlegroups.com>
 <9c4c2a65-2c87-47f1-85d1-137c32099fb7n@googlegroups.com>
 <fd1e1dd3-ffda-416b-9bc8-900d0b69c8c1n@googlegroups.com>
 <ZpvS2haduzUQiojV@petertodd.org>
Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The
 Lack of Full-RBF In Core

Hi Peter,

I agree that handling of vulnerability reports could be improved, although
I have fewer expectations from bitcoin core to acknowledge any feedback.
Here are a few things that we can do to improve the process:

- Report vulnerabilities anonymously and share real identity with
  disclosure later if required.
- Send the email to achow101 or sipa or fanquake and keep
  security@bitcoincore.org in Cc.
- Let's create a hall of fame webpage which has the name of all developers
  who reported vulnerabilities along with other details. Community could also
  donate directly to developers.
- Do not expect response on weekends and wait for at least 7-30 days before
  full disclosure if vulnerability report is ignored.

Maybe you and others on mailing list could suggest more improvements.

/dev/fd0
floppy disk guy

On Saturday, July 20, 2024 at 3:12:46 PM UTC Peter Todd wrote:

> On Fri, Jul 19, 2024 at 10:57:40PM -0700, /dev /fd0 wrote:
> > Hi Antoine,
> >
> > > I'm interested if you can propose a formal or mathematical definition of
> > > what constitutes in-topic or off-topic comments on matters like full RBF,
> > > which has been controversial for like a decade.
> >
> > I will quote _willcl-ark_'s last comment as I do not have enough
> > permissions in bitcoin core repository to moderate comments:
> >
> > "However the comments section here has become difficult to follow due to
> > numerous off-topic comments, a few personal disagreements, and repetition
> > of arguments. In the interest of having a more productive and focused
> > technical and philosophical discussion we are going to close and lock this
> > PR."
> >
> > A new pull request should help reviewers. If you do not agree with it, feel
> > free to discuss it with moderators in bitcoin core IRC channel.
>
> It's quite bizarre to use "off topic comments" as an excuse to close a pull-req
> fixing a specific security vulnerability, assuming you actually care about that
> vulnerability. As I've said elsewhere, Core could have easily and quietly
> merged that pull-req as-is, possibly by having a few people write some obvious
> ACK rationales.
>
> The only good explanation for closing it is to further delay merging the
> pull-req, as well as disclosing the vulnerability.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
