Return-Path: <odinn.cyberguerrilla@riseup.net>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 6B41F97
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 19 Aug 2015 06:48:07 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 02E29132
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 19 Aug 2015 06:48:05 +0000 (UTC)
Received: from cotinga.riseup.net (unknown [10.0.1.161])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "*.riseup.net",
	Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
	by mx1.riseup.net (Postfix) with ESMTPS id 8FBCCC10A3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 18 Aug 2015 23:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
	t=1439966885; bh=htVjLxpNbWQS97aGsVr1fG2IA7wl4MAe9SStMrnsYs4=;
	h=Date:From:To:Subject:From;
	b=PmOdyDNX1lYTwGD64qRaaFUq9Rgx2N9RKvaXyiw6llVD89uRsg+nZe3975onUdM5L
	kHQWzAOD7dBQKXxHP8FcTsj2pQlkAstixUGns8IEELpcT/KO5MvKz9KPZMP6xxqU7P
	4tl56jDE8fMLQvUsRF0VGhU+xJxjf3wrUiwYoZ0U=
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(Authenticated sender: odinn.cyberguerrilla)
	with ESMTPSA id 573BE1C0209
Message-ID: <55D426A4.3070006@riseup.net>
Date: Tue, 18 Aug 2015 23:48:04 -0700
From: odinn <odinn.cyberguerrilla@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.98.7 at mx1.riseup.net
X-Virus-Status: Clean
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW, RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: [bitcoin-dev] Ensuring Users have Safe Software and Version
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2015 06:48:07 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Recently I was re-reading the following (which has been edited
periodically):

https://bitcoin.org/en/alerts

It currently reads, "There is no ongoing event on the Bitcoin network."

However, in reading the most recent alert on that page, we are (it
seems) still affected by the issues discussed relative to the 4th of
July event, namely:

https://bitcoin.org/en/alert/2015-07-04-spv-mining

This originally was formulated in alerts via discussion on bitcoin.org
repository, here:
https://github.com/bitcoin-dot-org/bitcoin.org/pull/933

So anyway.

Getting back to this, how do I ensure that I have a safe version?

Thus far I am still using the guidance here from the bitcoin.org alert
shown above.  For example, for Electrum, bitcoin.org not only directs
users to wait 30 confirmations more than usual, but also directs users
to the following resource:
https://en.bitcoin.it/w/index.php?title=July_2015_chain_forks&redirect=n
o

This brings me to the "safe software and version."  If we understand
this correctly, the safe software and version will be Bitcoin Core at
its most current version.  Thus it is vitally important to provide a
way to ensure that users do not inadvertently be misled into
connecting to a XT node.

However, the information (about the software and version, in banner)
is provided voluntarily by the server administrators and thus isn't
validated.  How to make sure that you are actually connecting to one
who is running Core with the proper version (and not Core with some
very old version, or XT)?

On the bitcoin wiki, it states in part,
"During a fork, it is possible to use the Get Block Header custom
plugin[3] to authoritatively determine which side of the fork an
Electrum server is on."  It refers to this:
https://bitcointalk.org/index.php?topic=1110912.msg11800126

Depending on what wallet people are using, that is, Core, any of the
other wallets... hardware, desktop, web, mobile... there would be
different ways to determine what software is being used to make sure
that you are using Core in the current version (and not inadvertently
using XT for example).  The question is, how would this be done most
easily?

Thanks in advance for your answer(s).
- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJV1CakAAoJEGxwq/inSG8CLPUH/RnCMjGSFrPQc9wvRv9NWPYP
Mr+pzIBpiOXvikYXBT6cm/2AmmKhNmOjAHcdb9VrXPbk5ov/+odlcjGKeyXBc8zr
6+FAhDrnmznL1TEn+DL1UUBQlonNf4MFK8YZBusslFA14lSCSywn9IdubPD3ONzc
4f0uHl6c4wk0yLfmlJPbHevaEY/UdIyxPde2Nw+7IImWpdGJjBUiKTGb7/ZC4hTR
dTWmKNKAiXpCd2om86jbo12WP0rgpv66P2DgeetPzv8/dwWoons3FUJL/+tveFlm
SuTmjZWlDtzPm/56eTXUU64y7bSWYLrdQXxUk8zqzlYL5CJuVJ+1fi8OjwYYZH0=
=4J93
-----END PGP SIGNATURE-----