public inbox for bitcoindev@googlegroups.com
From: Gregory Maxwell <greg@xiph.org>
To: sickpig@gmail.com
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Fwd: [bitcoin-core-dev] On the initial notice of CVE-2018-17144
Date: Sat, 22 Sep 2018 20:49:04 +0000
Message-ID: <CAAS2fgQYx=11jOWBjYyEX42X=KdqB_V3d0j+4yG+br0Ag590xw@mail.gmail.com>
In-Reply-To: <CA+c4ZoxQFHnWvMY8sW17yrE_ccLKe82dX5W6G7nC1R7ZH6kP0A@mail.gmail.com>

On Sat, Sep 22, 2018 at 7:22 PM sickpig@gmail.com <sickpig@gmail.com> wrote:
> > For some reason I don't understand, Andrea Suisani is stating on
> > twitter that the report by awemany was a report of an inflation
> > bug, contrary to the timeline we published.
>
> guess that the fact you don't understand it, it's probably related to the fact
> that you didn't read properly the tweet you are referring to, for reference this
> is the tweet URL https://twitter.com/sickpig/status/1043530088636194816
>
> This is the text of such a tweet

OKAY.  The only tweet I was shown was this one:

https://twitter.com/sickpig/status/1043428373530390528

It doesn't make any mention of him not reporting it and I encountered
it in the context of another person citing it to claim it had been
reported.

> Furthermore as you should be aware, having been copied on the report,
> awemany specifically said that "[the assert(is_spent)] *seems* to
> prevent the worse outcome of monetary inflation"

Yes, in fact I referred to that specifically in my message as well
as including his entire message in my post.

> I guess that in the hurry of informing you and other people involved of the DoS
> vector he identified and proved, he decided to give priority to
> informing Core about that rather than waiting and continue exploring
> the idea he had about exploiting the code to create coins out of thin air.

I'm unclear what you're now stating. Are you stating that awemany knew
that it could cause inflation but indicated otherwise to us or are you
stating that he did not know and in the abundance of caution he sent
the report as fast as possible before making that determination?

I'm just asking because I'm confused by your response; I don't think
it's particularly important one way or another.



Thread overview: 3+ messages
     [not found] <CAAS2fgR9Swxv3=-u_uHrgGtfn0WhXEuOV78TFpOewCuwb3fmUA@mail.gmail.com>
2018-09-22 17:54 ` [bitcoin-dev] Fwd: [bitcoin-core-dev] On the initial notice of CVE-2018-17144 Bryan Bishop
2018-09-22 19:22   ` sickpig
2018-09-22 20:49     ` Gregory Maxwell [this message]
