1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 20515E1C
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 22 Sep 2018 20:49:19 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-vs1-f54.google.com (mail-vs1-f54.google.com
[209.85.217.54])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B5068B0
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 22 Sep 2018 20:49:18 +0000 (UTC)
Received: by mail-vs1-f54.google.com with SMTP id y11-v6so6431444vso.5
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 22 Sep 2018 13:49:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=a8DSjmyqxNqZqpB5sd1uVxpO9HRBFEqsymWiPrh9KwA=;
b=qsVgu/oIGI8OmGsCVlajvzjqFgTyUPl7sN4dXoX32tDo+SyAUOIm+S+ow2F59W6m4G
B2tAQUptHX1WCMvTk0Gq7RDA8OROLwZydBWhUvWUArJtTYr+bPUZjRD/eRZ0Zpb40G/M
wzO+Sw6ubdfMgYYx84Hty3UszRA+SBBquB49AgoeINjz4XrAbX1kPOHLdOdwQFUVQK1o
h43kEhDdpvIi24l276D77nooM+jmR/bWYqBM9oA4ReINRaUGwAV2WU4sIKbzN3rvK1Mn
7mg0r8GSCHQbnwrdXIH+wmMVfYy/e00GsTwsirF3D10YaFUUwfUhjXAqs8gandI6JecI
2Oug==
X-Gm-Message-State: APzg51Cj2fLNld5GkdQCq483cmP/czr4/3iVax/gIvqCyYOd3zz2/5v5
iqDpVeJIRdftVQ2Yi1UkoU1ale+n99A8P6P9pPo=
X-Google-Smtp-Source: ANB0VdYWJw32CAuZ+wJgtWZuPGEUUwjZMhrDVBHpXpQ8+gHEKtvAciDt23bWW0Dw2oGP2YdowfknMGQehU0oGJQzrh0=
X-Received: by 2002:a67:e19d:: with SMTP id
e29-v6mr829590vsl.133.1537649357886;
Sat, 22 Sep 2018 13:49:17 -0700 (PDT)
MIME-Version: 1.0
References: <CAAS2fgR9Swxv3=-u_uHrgGtfn0WhXEuOV78TFpOewCuwb3fmUA@mail.gmail.com>
<CABaSBaxk7sJ9WFstC_aj7W==+puXkGNAqA-n96wDzOvjaC-HCg@mail.gmail.com>
<CA+c4ZoxQFHnWvMY8sW17yrE_ccLKe82dX5W6G7nC1R7ZH6kP0A@mail.gmail.com>
In-Reply-To: <CA+c4ZoxQFHnWvMY8sW17yrE_ccLKe82dX5W6G7nC1R7ZH6kP0A@mail.gmail.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Sat, 22 Sep 2018 20:49:04 +0000
Message-ID: <CAAS2fgQYx=11jOWBjYyEX42X=KdqB_V3d0j+4yG+br0Ag590xw@mail.gmail.com>
To: sickpig@gmail.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 22 Sep 2018 22:14:18 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Fwd: [bitcoin-core-dev] On the initial notice of
CVE-2018-17144
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Sep 2018 20:49:19 -0000
On Sat, Sep 22, 2018 at 7:22 PM sickpig@gmail.com <sickpig@gmail.com> wrote:
> > For some reason I don't understand, Andrea Suisani is stating on
> > twitter that the the report by awemany was a report of an inflation
> > bug, contrary to the timeline we published.
>
> guess that the fact you don't understand it, it's probably related to the fact
> that you didn't read properly the tweet you are referring to, for reference this
> the tweet URL https://twitter.com/sickpig/status/1043530088636194816
>
> This is the text of such a tweet
OKAY. The only tweet I was shown was this one:
https://twitter.com/sickpig/status/1043428373530390528
It doesn't many any mention to him not reporting it and I encountered
it in the context of another person citing it to claim it had been
reported.
> Furthermore as you should be aware, having been copied on the report,
> awemany specifically
> said that "[the assert(is_spent)] *seems* to prevent the worse outcome
> of monetary inflation"
Yes, in fact I referred to the that specifically in my message as well
as including his entire message in my post.
> I guess that in the hurry of informing you and other people involved of the DoS
> vector he identified and proved, he decided to give priority to
> informing Core about that
> rather than waiting and continue exploring the idea he had about exploiting the
> code to create coins out of thin air.
I'm unclear what you're now stating. Are you stating that awemany knew
that it could
cause inflation but indicated otherwise to us or are you stating that
he did not know and
in the abundance of caution he sent the report as fast as possible
before making that
determination?
I'm just asking because I'm confused by your response; I don't think
it's particularly important one way or another.
|