Author: Gregory Maxwell 2013-07-24 00:50:48
Published on: 2013-07-24T00:50:48+00:00
The discussion begins with a query about whether the repeatable build infrastructure is portable to any mostly-POSIX-compliant system, with gcc or clang. The answer is that it's "portable" to anything that can run the relevant VMs, but cross-compiling everything from an Ubuntu VM is required. It would be ideal if the trusted-computing-base for gitian was smaller.The conversation then moves on to the importance of precise library dependencies and how packages solving bugs can be problematic for Bitcoin. The purpose of Bitcoin is to get a large number of computers worldwide to reach an identical agreement on the content of a database, subject to a set of rules, despite potentially malicious input, without any trusted parties. A simple example is given where there is a bug in the backing database, causing any item with a key that starts with 0xDEADBEEF to not be found when queried, even if it's in the DB. Half of the Bitcoin network is running the old buggy version, and half is running the fixed version. This results in the consensus forking, partitioning the network. To deploy such a fix in Bitcoin without creating a risk for participants requires making a staged revision of the network protocol rules.It is crucial for the Bitcoin software ecosystem and large-scale software validation to mature in terms of testing. Unit tests alone cannot achieve complete test coverage in areas such as cryptographic libraries and database environments. Harmless-looking bugfixes in leveldb, boost or openssl could be major doom event makers. It is essential to remove risk and allow upgrades to be made with an eye on the Bitcoin-specific consequences.External dependencies for many of the consensus parts of Bitcoin may also drive the system out. Pieter has written an ECDSA library for their specific ECC curve, which does signature validation more than six times faster than OpenSSL but cannot be upstreamed due to differing requirements for constant-time operations. It is a challenge to run clever tests if they take two hours and use 20GB of disk space. Currently, the system is fragile in some atypical ways, making it necessary to ensure that anyone who might create a big footgun event has some idea of the concern space.BE systems are not currently supported, and fixing this would be nice, with patches accepted. Portable software is better software because it forces users to dust out nasty cobwebs, reveals dependency on dangerous undefined behavior, encourages intelligent abstractions and appropriate testing, and invites contributions from more hands and eyes. Although slow, being serious about review, even of trivial changes, is no reason not to submit, and stepping up and being willing to do the work goes a long way to getting things done. The author believes that even if a platform is not worth supporting in any rigorous way, the team should still be open to fixes and build support.The conversation also touches on the difficulty of multiple packages and how Gentoo is actually able to handle this (and does, for Bitcoin), but building separate libraries just for Bitcoin decreases the value of packaging it.
Updated on: 2023-05-19T17:14:07.051734+00:00