Author: Gregory Maxwell 2017-09-12 17:41:42
Published on: 2017-09-12T17:41:42+00:00
In a recent discussion on the bitcoin-dev mailing list, Anthony Towns raised concerns regarding the security of Bitcoin. Specifically, he questioned whether the small group of developers responsible for maintaining and updating the codebase could be trusted to handle vulnerabilities in a way that would not result in exploitation by malicious actors. In response, other contributors noted that for embargoed fixes, the specific changes are tested against experienced developers within the project before being proposed as commits. While this does not guarantee that issues will not leak, the process has been effective in mitigating vulnerabilities in the past.

One contributor also argued that good security for Bitcoin is not necessarily defined by constant upgrading. Upgrading can create centralization, dependence, and opportunities for insecurity. Furthermore, one of the security considerations for Bitcoin is knowing that the definition of the currency has not changed, which can be difficult when software is updated frequently. The bar for backport fixes is considered low enough that they are often able to include more serious fixes without calling attention to them. Additionally, there is a positive network effect where having other people upgrade can help improve overall security.

Regarding altcoin maintainers, some have contributed to Bitcoin Core updates, but most do not due to lack of focus on software quality or an adversarial relationship with Bitcoin. If information about their inability to keep up with security fixes were provided to the market, it could be valuable but may also result in legal action or physical attacks.
Updated on: 2023-05-20T03:48:01.732520+00:00