Author: alicexbt 2023-05-16 22:39:53
Published on: 2023-05-16T22:39:53+00:00
The email thread discusses the reporting of a vulnerability in the Bitcoin Core repository which was created last week. The vulnerability can lead to denial of service and stale blocks, affecting mining pool revenue. One developer believes that opening a public issue was appropriate in this case, while the other suggests that it should have been reported privately as a vulnerability. The second developer also points to previous instances where vulnerabilities were reported publicly and exploited on mainnet, affecting some projects, and asks that the impact of any vulnerability that could affect a lot of things be considered. The first developer acknowledges the delicate trade-offs involved in reporting vulnerabilities: resolving them faster through wider collaboration versus keeping knowledge of the issue within a smaller group. The thread includes links to previous examples where the reporting process was critically needed and to the security practices followed by Bitcoin developers.
Updated on: 2023-06-16T18:26:49.391840+00:00