From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 20515E1C for ; Sat, 22 Sep 2018 20:49:19 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vs1-f54.google.com (mail-vs1-f54.google.com [209.85.217.54]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B5068B0 for ; Sat, 22 Sep 2018 20:49:18 +0000 (UTC) Received: by mail-vs1-f54.google.com with SMTP id y11-v6so6431444vso.5 for ; Sat, 22 Sep 2018 13:49:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=a8DSjmyqxNqZqpB5sd1uVxpO9HRBFEqsymWiPrh9KwA=; b=qsVgu/oIGI8OmGsCVlajvzjqFgTyUPl7sN4dXoX32tDo+SyAUOIm+S+ow2F59W6m4G B2tAQUptHX1WCMvTk0Gq7RDA8OROLwZydBWhUvWUArJtTYr+bPUZjRD/eRZ0Zpb40G/M wzO+Sw6ubdfMgYYx84Hty3UszRA+SBBquB49AgoeINjz4XrAbX1kPOHLdOdwQFUVQK1o h43kEhDdpvIi24l276D77nooM+jmR/bWYqBM9oA4ReINRaUGwAV2WU4sIKbzN3rvK1Mn 7mg0r8GSCHQbnwrdXIH+wmMVfYy/e00GsTwsirF3D10YaFUUwfUhjXAqs8gandI6JecI 2Oug== X-Gm-Message-State: APzg51Cj2fLNld5GkdQCq483cmP/czr4/3iVax/gIvqCyYOd3zz2/5v5 iqDpVeJIRdftVQ2Yi1UkoU1ale+n99A8P6P9pPo= X-Google-Smtp-Source: ANB0VdYWJw32CAuZ+wJgtWZuPGEUUwjZMhrDVBHpXpQ8+gHEKtvAciDt23bWW0Dw2oGP2YdowfknMGQehU0oGJQzrh0= X-Received: by 2002:a67:e19d:: with SMTP id e29-v6mr829590vsl.133.1537649357886; Sat, 22 Sep 2018 13:49:17 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Gregory Maxwell Date: Sat, 22 Sep 2018 20:49:04 +0000 Message-ID: To: sickpig@gmail.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sat, 22 Sep 2018 22:14:18 +0000 Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] Fwd: [bitcoin-core-dev] On the initial notice of CVE-2018-17144 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Sep 2018 20:49:19 -0000 On Sat, Sep 22, 2018 at 7:22 PM sickpig@gmail.com wrote: > > For some reason I don't understand, Andrea Suisani is stating on > > twitter that the the report by awemany was a report of an inflation > > bug, contrary to the timeline we published. > > guess that the fact you don't understand it, it's probably related to the fact > that you didn't read properly the tweet you are referring to, for reference this > the tweet URL https://twitter.com/sickpig/status/1043530088636194816 > > This is the text of such a tweet OKAY. The only tweet I was shown was this one: https://twitter.com/sickpig/status/1043428373530390528 It doesn't many any mention to him not reporting it and I encountered it in the context of another person citing it to claim it had been reported. > Furthermore as you should be aware, having been copied on the report, > awemany specifically > said that "[the assert(is_spent)] *seems* to prevent the worse outcome > of monetary inflation" Yes, in fact I referred to the that specifically in my message as well as including his entire message in my post. > I guess that in the hurry of informing you and other people involved of the DoS > vector he identified and proved, he decided to give priority to > informing Core about that > rather than waiting and continue exploring the idea he had about exploiting the > code to create coins out of thin air. I'm unclear what you're now stating. Are you stating that awemany knew that it could cause inflation but indicated otherwise to us or are you stating that he did not know and in the abundance of caution he sent the report as fast as possible before making that determination? I'm just asking because I'm confused by your response; I don't think it's particularly important one way or another.