From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sun, 21 Jul 2024 13:49:17 -0700 Received: from mail-qv1-f60.google.com ([209.85.219.60]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sVdUa-00050y-UP for bitcoindev@gnusha.org; Sun, 21 Jul 2024 13:49:17 -0700 Received: by mail-qv1-f60.google.com with SMTP id 6a1803df08f44-6b5de421bc6sf68132806d6.0 for ; Sun, 21 Jul 2024 13:49:16 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1721594950; cv=pass; d=google.com; s=arc-20160816; b=wG4nOpVANa3pNwppSY3IKvmOnsjtqD4/trm7hJlbog9ETRr9WtjiiYcZ1NuyocO1FM kdc7PPWG5UbPurBh5zV0z88kLT6o0tl7oj5JUxw5PZyhNq5fbnukzRcqkeCQZmxEZS9b mP+qQNo8G3L8lugaB9WEJ2vphlhQXZqZDRi+aq6ZgMwcs/eAG/kmO7xPBEveOaII5tnw A1nkRzrCVeJJ/yX2bzBatngaw92KtqMqD+Is7DClikhYOCs61yzx73TGHogCeu5QrFUt 0eGIzuTUIZi430/Rthq0fjwxWyuQPrIMOKkx9zMcQdqlJdFdN/Uuy6jg/oanApd3GTnU QbTQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:content-transfer-encoding :mime-version:feedback-id:references:in-reply-to:message-id:subject :from:to:date:dkim-signature; bh=CEj3VHqOyam2T9bK5D5MXHdjX72GrhjMwo/r3Xjit1c=; fh=j0uLF+CJaL5t7WMY3dX+t+lmQqgwKlKaFNw1NLXF8bM=; b=GOpNAnt3zMBKdZdAYxhdV2uuEWUt0nMPX23rgaMQMpyXY9RCJhQWxNLMCHO2SIoIKg kzGvoMQEpwagHskwvr8D2LC+nXHApuzTdrDuZq+F5rkDYOypem1Kjtyv5ktTi5TYSxpG errxzsrQBkoKgltkCbljUQjyhG3I6lLVBOthoKuJUa6NA+J8cf+Vad6pTLfMxYZzpAaM qp26g6ehQnlLDyTDvdl1nZIAyQIQtNkcQPxJNp6r21a7IlmSLWkUIEUbyVZAwSnLU1IF 8MUmvNgplnxCBI65xNxdSceGD6HUlwRZeAg9Pde8FJntPFzJE5A3BFx9CzvADq9z5LiX vwwA==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@achow101.com header.s=protonmail header.b=ESc6xjbD; spf=pass (google.com: domain of lists@achow101.com designates 185.70.40.22 as permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1721594950; x=1722199750; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender :content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:from:to:date:from:to:cc:subject:date :message-id:reply-to; bh=CEj3VHqOyam2T9bK5D5MXHdjX72GrhjMwo/r3Xjit1c=; b=A9zrbTFLYxxew4rilenJNiWuWyFNXjiH9j2BeJEX+OS1x9EMT7NWDVG4eTYnuuFIvX pPXumC6B7ZcKt/Gd4K3rHrIi6NCSEDUbYBybl4DdNC78Ncr6JT8oXfffWHkDI7De/vms 8uZgtwQEStRNzo0Awz/ZXe9Q9rwkYsixDUm7hlOHqEJqyDeYMr+4zGpTawzDOIQVaSaA /MiNERF0Jvj1a/hf1uhjPeIyTOC2xAUAjgIuguFTFG/c8FlxIPUqmA2uWmKrB2PLsQpf is2ZAp/bUUNVRk0iSpT0FpXTnCmFMDkEFUhvr5J6FLkZQHAWlpOJfi5GKlLH5E06BwLc 7Nsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721594950; x=1722199750; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender :content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:from:to:date:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=CEj3VHqOyam2T9bK5D5MXHdjX72GrhjMwo/r3Xjit1c=; b=KPJ0jtPqnb1OFlZ3n4wtKIl7KH/MuD93deqgt4YhZcqssiinO2i9+kIVYOgiWIRcoX x8PQfj54znNQE/2fF8oJFNkpKOKoG2OLLtpdIQ4+M5nRTzHAdw/D4gYkPOiCo2ydz03y VmiRJ9QKt3k8Abm2dEF2KPMOGcIUCwjcd1BPvXOT4/RuQ8BWb1tghIqI1pH1/7Mp2djP mfGwC+wQmQNI5+lyxDu+OiWdopW0CgrA+68Blt2SqPVDrbHv54xlFLHqN2NmSKrXVYIG oRcs/jS4LUcE+bJCdlpsVH5LDUGCZczvtUFHrI1ttEF0aflJAmd61fYFxIM9hfiSpq6U xO8A== X-Forwarded-Encrypted: i=2; AJvYcCUoY85C9I+nMTaeHBc9Sx5SDVtSANj2DY6fiosmapPCLcBXftHrOjkVqNQB9jqrmmdhB/2PtN4ffHUB20LS3c9wW0iuhUY= X-Gm-Message-State: AOJu0YzqQEcPpAbYP5xxbke9iASjilxYXLWFEihA9+Bcc679xXXz7qBn pf0SvQuBQeppdsL4IaTYEykFkbYQ9LFgpEPMygjUIq5EQtp819Us X-Google-Smtp-Source: AGHT+IFPFusNOTQSMesglv4D3s61Z5v00ky9Ao1kVKrFEMqWTod5Wl63/FIAQOakrfqC/KlgVdTKvQ== X-Received: by 2002:a05:6214:5298:b0:6b0:9479:cdd7 with SMTP id 6a1803df08f44-6b961136636mr71086606d6.54.1721594950508; Sun, 21 Jul 2024 13:49:10 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:6214:2d02:b0:6b7:9a07:4191 with SMTP id 6a1803df08f44-6b79b7b7950ls66881526d6.2.-pod-prod-01-us; Sun, 21 Jul 2024 13:49:09 -0700 (PDT) X-Received: by 2002:a05:6214:20c8:b0:6b5:37ed:b9b2 with SMTP id 6a1803df08f44-6b94013c2d0mr7147426d6.0.1721594949493; Sun, 21 Jul 2024 13:49:09 -0700 (PDT) Received: by 2002:a05:620a:22da:b0:79c:bd3:58c5 with SMTP id af79cd13be357-7a18f14f124ms85a; Sun, 21 Jul 2024 13:17:36 -0700 (PDT) X-Received: by 2002:a05:600c:474c:b0:426:6b14:1839 with SMTP id 5b1f17b1804b1-427dc4804a5mr49152935e9.0.1721593054479; Sun, 21 Jul 2024 13:17:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721593054; cv=none; d=google.com; s=arc-20160816; b=NOPhOXf9co6YYwyRxwUJ0zp3eRlZtzpRIbvq52lSvw/01XAjgzd1ypDS56QWGMEqky EgUvTnWxBA1p8CjfKF+MEpMI4jUTOvsAuufBTeSY6TRO//W4kb1bCyqBjv+mkmsAsJB6 GhvbXmOnwUwyBz4RT0IDf8Gx6hNgO9RE7rNwV1xwutUg046ZdgLY47pyGix08HxXmU/l mq2FJSGK2CLQcm4Jmc6al8W6+J9/iskwCG4huWCUZReOTMFgYmy9o45p6IM/XRSLehCW Sfv3JW0fsXvSXjRBL260PbgMR81oORF+FLhGvbbomewTKzZCto7ipM2wBP0GtyaGTJ+w kkJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:from:to:date:dkim-signature; bh=jZgBsneizBBP4tJQXVQ2CzhvhKsYpMsq8u2QAicykOA=; fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=; b=ocJK5wYPFp3/8u3jHcgvpaWWWahApkNK7kmbIHGSf+yYOpVNDKloEUIGhJO1kLOhRY DJHVEW9tDnMdQXxnQ9cikHcr2SD6E/Urao2vLhSQSdTA0Qb6UjFuN2S0bOXv08lMSZXq zq9gkDhXWYwYWvrDKmOdcWQZIwv3SUOt9UwvN144BtaLtDOQzjCOJO6L0ag6npQDNGgT li3liLjDA+lNEyzMLdQYholvWOqdKVvqENdJzU4q5vnyWtVcq/uOsHuxCl7vqa5y1/B2 hH1LYxcE5lqPb2uwdyL29NtkfCYS9BMLF01Rx83iSz6QswbqiczZc+z8iNj4jTcfTTOs Cr1w==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@achow101.com header.s=protonmail header.b=ESc6xjbD; spf=pass (google.com: domain of lists@achow101.com designates 185.70.40.22 as permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com Received: from mail-4022.proton.ch (mail-4022.proton.ch. [185.70.40.22]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-427d2a7f6b4si4976675e9.1.2024.07.21.13.17.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 21 Jul 2024 13:17:34 -0700 (PDT) Received-SPF: pass (google.com: domain of lists@achow101.com designates 185.70.40.22 as permitted sender) client-ip=185.70.40.22; Date: Sun, 21 Jul 2024 20:17:13 +0000 To: bitcoindev@googlegroups.com From: "'Ava Chow' via Bitcoin Development Mailing List" Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core Message-ID: In-Reply-To: <2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn@googlegroups.com> References: <18fc443d-c347-4a84-94fe-81308ae20b76n@googlegroups.com> <4d950527-4430-49f2-8e38-3755bc58e301n@googlegroups.com> <4f7eddff-9e2d-4beb-bcc6-832584cb939d@achow101.com> <2aa2d6fa-ae72-4aef-9fda-49e2f7c657abn@googlegroups.com> Feedback-ID: 53660394:user:proton X-Pm-Message-ID: 905055aa296a0bbafc4625c538e53d0b383cc431 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Original-Sender: lists@achow101.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@achow101.com header.s=protonmail header.b=ESc6xjbD; spf=pass (google.com: domain of lists@achow101.com designates 185.70.40.22 as permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com X-Original-From: Ava Chow Reply-To: Ava Chow Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -1.0 (-) On 07/20/2024 10:06 PM, Antoine Riard wrote: > "Naive", as saying this is the _Bitcoin Core_ project list only can only= =20 > provoke blind > spot among the list members if the security issues are either affecting= =20 > old part of > the codebases that younger members have less experiences with (some=20 > parts like consensus > or block-relay are modified only every 5 years) or novel factors from=20 > upstream or downstream > (e.g the internet networking stack or implications on deployed contract= =20 > protocols like > lightning). On both the former and latter criterias, I think Peter=20 > overly meets the bar. Peter was not the only "senior" person on the security list. Obviously I=20 will not disclose non-public information, but certainly there are people=20 on the security list who are just as, if not more, senior than Peter. Furthermore, the "old parts" still do get changed, and someone who no=20 longer actively contributes to the project is more likely to be unaware=20 of how the code actually works today, even if they are familiar with=20 components that change infrequently. > When you've big sh*t hitting the fan like inflation bugs or level DB=20 > 2013 unexpected fork you > prefer have experts with a decade of experience to collaborate with, and= =20 > sharing the same cultural > and ethical norms of the active contributors evaluated by numbers on=20 > commits on the last single-digit > years. Not being on the list does not preclude him from being consulted if the=20 need arises. With the two examples you provide, I am not aware of Peter being=20 actively involved in the resolution of both of those, whereas there are=20 current members of the list who were. In general though, it is not clear to me how it was beneficial to have=20 Peter on the security list, nor how not having him is directly harmful.=20 In the 2 years that I have been on the security list, I was unaware that=20 Peter was a recipient until shortly before he was removed. My=20 understanding is that others who have been on the list longer than me=20 were also unaware. Ava >=20 > I'll repropose Peter admission on the security list mailing list in the= =20 > coming weeks by opening an > issue on the bitcoin-meta repository, once this current mailing list=20 > thread has slowed down a bit, > or at least the technical analysis has been dissociated from the=20 > proceedings which have all been > bundle in a big message. In my very personal opinion, I still trust more= =20 > Peter competence and experience > than some other people I know who are on the security mailing list. >=20 > All that said I appreciate your answer and I'm satisfied from the=20 > personal role you've have played > in the matter with, and be reassured I'll keep you among the recipient=20 > of future security issues with > a potential impact on bitcoin core that I might find or be aware off. >=20 > Best, > Antoine > ots hash: db441b51684ad3a6897f67d42c74ccfcb9a4ffed40d4bdbe30a2edd867ccdd5= 4 >=20 > Le samedi 20 juillet 2024 =C3=A0 01:50:25 UTC+1, Ava Chow a =C3=A9crit=C2= =A0: >=20 > On 07/19/2024 07:58 PM, Antoine Riard wrote: > > As said in one my previous email, I'm still curious about achow101 > > explaining publicly > > why you have been kicked-out of the bitcoin-security mailing > list, when > > you were certainly > > more senior than achow101 in matters of base-layer security > issues or > > even hard technical > > issues like consensus interactions (e.g bip65). I'll re-iterate my > > respect towards achow101 > > as a maintainer from years of collaboration, though this is a topi= c > > worthy of an answer. >=20 > I am not the one that removed Peter from the mailing list, nor do I > even > have the login(s) to do so. >=20 > There was a discussion amongst several members of the security list > about who was on the list, and who should be on the list. Given that > the > security list is the _Bitcoin Core_ security list, we determined that > the people who should be on the list are people who still actively > contribute to the project. As Peter Todd no longer actively contribut= e > code nor code review to the project, we decided that it didn't make > sense to continue to have him on the list. >=20 > My recollection is that multiple other people were removed from the > list > for the same reason at the same time. >=20 > Ava >=20 > --=20 > You received this message because you are subscribed to the Google=20 > Groups "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send=20 > an email to bitcoindev+unsubscribe@googlegroups.com=20 > . > To view this discussion on the web visit=20 > https://groups.google.com/d/msgid/bitcoindev/2aa2d6fa-ae72-4aef-9fda-49e2= f7c657abn%40googlegroups.com . --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/= bitcoindev/a8eac5f2-b85a-434f-868e-eba7fd2558c6%40achow101.com.