Linux packaging letter



Summary:

The note discusses the potential dangers of packaging Bitcoin node software in distribution package repositories. The author asks distribution maintainers to refrain from distributing the software until they understand the unique testing procedures and other requirements needed to achieve consensus, and to direct users to the upstream-provided binaries instead.

The note explains that Bitcoin nodes are an unusual category of software because they implement a complex group consensus in which every client verifies the behavior of every other client exactly. Even a subtle change can cause a failure to reach consensus, which is a security risk to the user of that client. For this reason, it is vital that as much of the network as possible uses unmodified implementations that have been carefully audited and tested, including their dependencies.

The note also mentions that, beyond being globally consistent, upstream binaries are produced using a reproducible build system, which ensures that they can be audited for backdoors.


Updated on: 2023-06-07T14:35:43.268972+00:00