Author: Gregory Maxwell 2013-03-13 20:24:50
Published on: 2013-03-13T20:24:50+00:00
In an email exchange between Matthew Mitchell and the Bitcoin development community, Mitchell raised concerns about the difficulties in getting people to update their systems away from version 0.7 and earlier. The development community responded explaining that critical fixes are backported to make updating instead of upgrading possible, but this still requires integration and testing, which can be time-consuming. Additionally, small behavior changes can break things for users, as demonstrated by a major mining pool losing over 1000 BTC when upgrading to version 0.8 due to poor interaction with their server software.When vulnerabilities are found, some people isolate their production nodes from the internet using upgraded nodes to avoid touching the production systems, while others may ignore the vulnerability if it only applies to something they don't care about or is just a DOS attack. The development community emphasized that if everyone instantly upgrades in response to developers' claims that an urgent update is needed, then the security of the system is reduced to the ability to compromise a developer, which is not desirable.The community also explained that when rollouts take time, there is more time for review to catch things, resulting in fewer nodes being harmed by an introduced flaw, making it less risky to update at one's own pace. Overall, updating or upgrading Bitcoin software requires careful consideration of the risks and benefits.
Updated on: 2023-05-19T16:39:21.790731+00:00