Mock introducing vulnerability in important Bitcoin projects
Summary:

In an email to the bitcoin-dev mailing list, Prayank proposed an exercise in which they would create pull requests introducing vulnerabilities to Bitcoin projects and observe how maintainers and reviewers respond. While some saw this as a good exercise, Ruben Somsen advised caution and suggested that Prayank get approval from contributors before proceeding. They noted that such an exercise could encourage an environment of increased mistrust and cause existing contributors extra work. Prayank responded by emphasizing that they had always reviewed pull requests based on code rather than the author's claims and that automated tools have also helped with reviewing. They also asked whether trusting authors or having a good review process was better for security, whether it was a good practice to use commits from unmerged PRs in production, and whether this exercise would help prepare for worst-case scenarios. Prayank listed several Bitcoin projects they planned to test, including two full node implementations, a Lightning implementation, Bisq, two libraries, two wallets, an open-source block explorer, and a coinjoin implementation. They also mentioned that x00 would help them with the exercise.
Updated on: 2023-06-15T02:25:59.247016+00:00