Published on: 2012-07-09T14:12:11+00:00
In an email thread from July 9, 2012, Gregory Maxwell expressed his concerns and actions regarding some additions made to a page. He removed the proprietary software section, a plug for blockchain.info webservices, and demoted the Armory client. However, he left the Android software because its source was available and had been reviewed. Maxwell also stated his criteria for listing software on the page. He believed that anything with a security model weaker than SPV should not be listed unless users could operate their own servers. Furthermore, only thin clients with a near-SPV security model should be included in the list. If a server component is present in thin clients, it should be subjected to independent review. In the future, actual evidence of third-party review should exist for any software to be listed on the page.
A user named Ben Reeves requested the inclusion of the blockchain.info iPhone app on the clients page. The source code for this app is available under an LGPL license and can be reviewed at https://github.com/blockchain/My-Wallet-iPhone. Additionally, the JavaScript web front end could be reviewed by using a combination of https://github.com/blockchain/My-Wallet and https://github.com/blockchain/My-Wallet-Integrity-Checker. However, Gregory Maxwell objected to including any non-reviewable client options, including centrally operated web services, on the clients page. He reverted the additions to the page and suggested that it needs to be discussed along with establishing requirements. The email was sent to the Bitcoin-development mailing list.
On July 9, 2012, Amir Taaki raised concern about a recent addition to the clients page. The condition for any client to be listed on the page was that its source code should be available for review and users must be able to run it from the source code. However, Amir could not find the source code for the new client. As a result, the addition was reverted.
The author of the email expressed strong opposition to including any non-reviewable client options or centrally operated web services on the page. He believed that this issue needed to be discussed alongside establishing requirements.
In a discussion on proprietary software bitcoin clients, Jorge Timón expresses concern about their trustworthiness and whether or not they should be promoted on the web. He questions the potential for back doors and other hidden issues. Another participant in the discussion agrees and notes that while open-source software doesn't necessarily guarantee safety, standards of review and testing would be ideal but currently unrealistic.
The conversation is about whether or not to promote bitcoin web wallets. The concern is that the wallets could contain a backdoor or other vulnerabilities, which could lead to hacking and negative media attention. The mention of "two-inch newspaper titles" suggests that the potential impact of such an event could be significant. It seems that the participants in the conversation are aware of past shortcuts taken by journalists, indicating some mistrust of media coverage regarding bitcoin security.
The topic being discussed is the trustworthiness of proprietary software bitcoin clients. It is questioned whether people should trust them and whether the web should promote them, as they may contain a backdoor or other vulnerabilities. Andreas Schildbach suggests adding two links for each client: one for getting the binary and the other for getting the source code. Mats provides a link to the source code for Bitcoin Wallet for Android. Amir Taaki had previously suggested that all clients on the clients page must have the entire source code available for review, otherwise there should be a separate section for non-open-source clients. The email chain ends with Jorge Timón's name.
The Bitcoin developers were discussing the addition of two links for each client: one for getting the binary and one for getting the source.
On July 9, 2012, Amir Taaki saw that there was a section added for proprietary clients and asked if anything looked disagreeable. Mats provided the sources for the Bitcoin Wallet for Android on Google Code. Amir then asked if the source code for this client was available for review since it needed to be available for all clients on the website. Otherwise, a separate section for non-open-source clients should be created. The email also includes a link to a Live Security Virtual Conference which will cover topics related to security and threat landscape changes.
Amir Taaki, a contributor to Bitcoin development, has raised questions about the availability of source code for a client on the clients page. He notes that one of the conditions for being on that page is that all clients must have their entire source code available for review and users should be able to run it from the source code. He was unable to find the source code for this particular client and suggests creating a separate section for non-open-source clients if the source code cannot be made available. The email was sent to the Bitcoin-development mailing list.
In a conversation between Amir Taaki and Harald, the former inquired about the availability of source code for a client.
Updated on: 2023-08-01T03:45:37.223750+00:00