Date: Sat, 20 Jul 2024 19:06:49 -0700 (PDT)
From: Antoine Riard
To: Bitcoin Development Mailing List
Subject: Re: [bitcoindev] Re: A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core

Hi Ava,

Thanks for the answer and the additional information. I think this is unclear to me if Peter himself was part of the discussion amongst several members of the security list on re-examining if their presence and the ones of others was still worthy on the list, be it online or offline.

I fully understand this is a kind of conversation which certainly does not warrant to be public, and I mostly agree with that. Yet I believe it's ethically borderline to not invite someone to express his own viewpoint in asking for the removal of his own access, especially in a project that aims to be decentralized and a technical meritocracy (-- I believe an ideal we all aspire to).
Beyond, and forgive the expression if it's a bit rude, I believe it's a bit "naive", "short-sighted" as a position of the members of the security list, with whatever level of true consensus such removal has been done (-- and I'm not aware there was an operational security emergency that justified such removal).

"Naive", as saying this is the _Bitcoin Core_ project list only can only provoke blind spots among the list members if the security issues are either affecting old parts of the codebase that younger members have less experience with (some parts like consensus or block-relay are modified only every 5 years) or novel factors from upstream or downstream (e.g. the internet networking stack or implications on deployed contract protocols like lightning). On both the former and latter criteria, I think Peter overly meets the bar.

"Short-sighted", as it's making the members of the security list both party and arbiter of appreciating what is an _active_ contributor among themselves (all in a very ethically borderline fashion). In my experience with lightning over the past years, with discovering more and more issues which in fact arise from imperfect interfacing with the base-layer, I was progressively led to spend more and more time on the core side as it was natural to have things fixed there (or at least advocate so). Of course, I was in consequence less active on the lightning development day-to-day side. Did it make me less competent to be responsive when issues affected lightning? I don't believe so (though obviously I'll let other lightning experts corroborate or infirm this self-congratulatory statement of mine).
Same for Peter, if he had made the choice to consecrate his open-source time on more long-term things like transaction denial-of-service vectors or analyzing new consensus change proposals (whatever the long-term outcome, R&D is a stochastic process -- his track record with things like bip65 shall give him a positive presumption)

I think as a community to give such cultural margin to do so, even if it's as the trade-off of less review on day-to-day core things with a more reduced global scope like the gui or the wallet.

When you've big sh*t hitting the fan like inflation bugs or level DB 2013 unexpected fork you prefer to have experts with a decade of experience to collaborate with, and sharing the same cultural and ethical norms of the active contributors evaluated by numbers on commits on the last single-digit years.

I'll repropose Peter's admission on the security list mailing list in the coming weeks by opening an issue on the bitcoin-meta repository, once this current mailing list thread has slowed down a bit, or at least the technical analysis has been dissociated from the proceedings which have all been bundled in a big message. In my very personal opinion, I still trust more Peter's competence and experience than some other people I know who are on the security mailing list.

All that said I appreciate your answer and I'm satisfied from the personal role you've played in the matter, and be reassured I'll keep you among the recipients of future security issues with a potential impact on bitcoin core that I might find or be aware of.
Best,
Antoine

ots hash: db441b51684ad3a6897f67d42c74ccfcb9a4ffed40d4bdbe30a2edd867ccdd54

On Saturday 20 July 2024 at 01:50:25 UTC+1, Ava Chow wrote:

> On 07/19/2024 07:58 PM, Antoine Riard wrote:
> > As said in one of my previous emails, I'm still curious about achow101 explaining publicly
> > why you have been kicked-out of the bitcoin-security mailing list, when you were certainly
> > more senior than achow101 in matters of base-layer security issues or even hard technical
> > issues like consensus interactions (e.g. bip65). I'll re-iterate my respect towards achow101
> > as a maintainer from years of collaboration, though this is a topic worthy of an answer.
>
> I am not the one that removed Peter from the mailing list, nor do I even have the login(s) to do so.
>
> There was a discussion amongst several members of the security list about who was on the list, and who should be on the list. Given that the security list is the _Bitcoin Core_ security list, we determined that the people who should be on the list are people who still actively contribute to the project. As Peter Todd no longer actively contributes code nor code review to the project, we decided that it didn't make sense to continue to have him on the list.
>
> My recollection is that multiple other people were removed from the list for the same reason at the same time.
>
> Ava
