Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Anonymous on July 29, 2010, 08:03:07 PM



Title: sg
Post by: Anonymous on July 29, 2010, 08:03:07 PM
adg


Title: Re: Implementation bug prior to 0.3.6
Post by: knightmb on July 29, 2010, 08:12:02 PM
In this forum, I don't see why not. Basically, the implementation bug means that the client wasn't following its own rules. Someone may have found a way to double-spend coin for example that the Client doesn't catch because of how it processes the rules to counter this kind of action.


Title: Re: Implementation bug prior to 0.3.6
Post by: jgarzik on July 29, 2010, 08:12:14 PM
Is it too early to discuss what happened until more users upgrade?

I am interested in the meta-discussion, about security policy.

In other open source projects, representatives of "key parties" tend to gather on a "vendor security" mailing list that is closed to the public.  Vulnerabilities that might have real world consequences are discussed there, and then a coordinated release occurs, where all key players publish the security fixes at the same time.


Title: Re: Implementation bug prior to 0.3.6
Post by: knightmb on July 29, 2010, 08:13:57 PM
Since we mostly communicate by forum here, the closest would be a member group that has access to a special forum here just for that issue that the public can't normally see. I'm fairly certain the simple machines forum supports that feature?


Title: Re: Implementation bug prior to 0.3.6
Post by: knightmb on July 29, 2010, 08:19:16 PM
I'd support the idea. More trusted members and programmers could post security risks or exploits. Maybe the better way is just to message the developer if they are discovered.
Both can work, but a members forum would help to keep out the noise; otherwise everyone will end up messaging the lead developer with every possible thing they hear in the news and end up taking his/her time to filter it out on whether it's really a risk or not.


Title: Re: Implementation bug prior to 0.3.6
Post by: jgarzik on July 29, 2010, 08:22:59 PM

BTW, an important feature of these mailing lists is that anyone can post...  but only the "vendor security" group can read the posts.

Thus, it is easy for an outsider with a real security issue to provide detailed information to vendor-sec@myopensourceproject.org, while preventing unscrupulous people from reading the sensitive information.

I suppose a PM to <somebody>, plus discussion on a closed forum, is the best this forum software can handle.


Title: Re: Implementation bug prior to 0.3.6
Post by: satoshi on July 29, 2010, 10:04:15 PM
Actually, it works well to just PM me.  I'm the one who's going to be fixing it.  If you find a security flaw, I would definitely like to hear from you privately to fix it before it goes public.


Title: Re: Implementation bug prior to 0.3.6
Post by: jimbobway on July 29, 2010, 10:59:48 PM
> Actually, it works well to just PM me.  I'm the one who's going to be fixing it.  If you find a security flaw, I would definitely like to hear from you privately to fix it before it goes public.

Suppose, god forbid, you were no longer able to program or were unavailable due to unknown circumstances.  Do you have a procedure in mind to continue bitcoin in your absence?


Title: Re: Implementation bug prior to 0.3.6
Post by: jgarzik on July 29, 2010, 11:03:33 PM
> Suppose, god forbid, you were no longer able to program or were unavailable due to unknown circumstances.  Do you have a procedure in mind to continue bitcoin in your absence?

It's called open source :)   The community is already guaranteed to continue.


Title: Re: Implementation bug prior to 0.3.6
Post by: lachesis on July 30, 2010, 01:01:58 AM
> It's called open source :)   The community is already guaranteed to continue.
It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence.


Title: Re: Implementation bug prior to 0.3.6
Post by: Olipro on July 30, 2010, 01:04:02 AM
>> It's called open source :)   The community is already guaranteed to continue.
> It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence.

why? it's not the only SVN service in the world, what actually matters is the bitcoin.org domain


Title: Re: Implementation bug prior to 0.3.6
Post by: kiba on July 30, 2010, 01:12:30 AM
>>> It's called open source :)   The community is already guaranteed to continue.
>> It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence.

> why? it's not the only SVN service in the world, what actually matters is the bitcoin.org domain

Well, it's not decentralized like git.


Title: Re: Implementation bug prior to 0.3.6
Post by: jgarzik on July 30, 2010, 02:00:55 AM
>> It's called open source :)   The community is already guaranteed to continue.
> It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence.

Why?  There isn't any reason why the project will suddenly collapse if Satoshi becomes absent.

Eventually patches to the source would accumulate, someone will become a patch collector, and if enough people download the source&binaries from The Patch Collector, that person winds up (often reluctantly) the new de facto maintainer.

People worry an awful lot about rules and rule-making.  But there is no driving need for any Continuity of Government plan, here :)  As long as the source code remains open, that is sufficient.  If there is a need, and enough interest, the community will provide.  Trust in the community :)


Title: Re: Implementation bug prior to 0.3.6
Post by: jimbobway on July 30, 2010, 02:11:32 AM
Since satoshi is the founder, I am suggesting that he create a roadmap of what he plans to do.  Right now all I know is the client and only the client but I don't know if satoshi has bigger, grander plans.  If he could supply us with his vision and what he wants to do with bitcoin it would be great.

What I would hate seeing is if bitcoin has multiple flavors, like Linux has multiple flavors (which is arguable).  Too many flavors and too many branches could weaken the concept of bitcoin, not to mention devalue my bitcoins I already own.

I think the domain, bitcoin.org, could be important because of name branding and also because it could serve as a central authority on the status and future of bitcoin.


Title: Re: Implementation bug prior to 0.3.6
Post by: lfm on July 30, 2010, 09:00:17 AM
> Since satoshi is the founder, I am suggesting that he create a roadmap of what he plans to do.  Right now all I know is the client and only the client but I don't know if satoshi has bigger, grander plans.  If he could supply us with his vision and what he wants to do with bitcoin it would be great.

> What I would hate seeing is if bitcoin has multiple flavors, like Linux has multiple flavors (which is arguable).  Too many flavors and too many branches could weaken the concept of bitcoin, not to mention devalue my bitcoins I already own.

> I think the domain, bitcoin.org, could be important because of name branding and also because it could serve as a central authority on the status and future of bitcoin.

Almost seems like you WANT a central authority! Isn't that what bitcoin is supposed to not need? It should be able to survive more than one client implementation with only a shared protocol and perhaps a shared wallet format.


Title: Re: Implementation bug prior to 0.3.6
Post by: knightmb on July 30, 2010, 08:57:55 PM
Find more info about this here: https://www.bitcoin.org/smf/index.php?topic=643.0


Title: Re: Implementation bug prior to 0.3.6
Post by: jimbobway on July 30, 2010, 10:02:48 PM
>> Since satoshi is the founder, I am suggesting that he create a roadmap of what he plans to do.  Right now all I know is the client and only the client but I don't know if satoshi has bigger, grander plans.  If he could supply us with his vision and what he wants to do with bitcoin it would be great.

>> What I would hate seeing is if bitcoin has multiple flavors, like Linux has multiple flavors (which is arguable).  Too many flavors and too many branches could weaken the concept of bitcoin, not to mention devalue my bitcoins I already own.

>> I think the domain, bitcoin.org, could be important because of name branding and also because it could serve as a central authority on the status and future of bitcoin.

> Almost seems like you WANT a central authority! Isn't that what bitcoin is supposed to not need? It should be able to survive more than one client implementation with only a shared protocol and perhaps a shared wallet format.


Agreed on same shared protocol and perhaps wallet.  What I don't want happening is someone starts their own chain.  Nothing stopping anyone from doing this, but the longer the chain the stronger the concept of bitcoin, right?


Title: Re: Implementation bug prior to 0.3.6
Post by: knightmb on July 30, 2010, 10:19:45 PM
If someone started a new chain on the "production" network; it would have to be longer than the current chain. So given how much CPU time it took to generate that one, I don't see anyone trying to start a new chain anytime soon.


Title: Re: Implementation bug prior to 0.3.6
Post by: jimbobway on July 31, 2010, 04:38:47 AM
> If someone started a new chain on the "production" network; it would have to be longer than the current chain. So given how much CPU time it took to generate that one, I don't see anyone trying to start a new chain anytime soon.

Right.

What I was trying to say was I can start my own bitcoin network and start my own chain there. (Kind of like how the test network is separate from production.)  If bitcoin.com expired and someone grabbed it then it could have some repercussions.  They could claim the brand new network was the real network.  Far fetched?  I guessed maybe I might be being a lil nitpicky.


Title: Re: Implementation bug prior to 0.3.6
Post by: Insti on July 31, 2010, 07:35:37 PM
> What I was trying to say was I can start my own bitcoin network and start my own chain there. (Kind of like how the test network is separate from production.)  If bitcoin.com expired and someone grabbed it then it could have some repercussions.  They could claim the brand new network was the real network.  Far fetched?  I guessed maybe I might be being a lil nitpicky.

They could do that. But we know the hash of the genesis block of the 'real' bitcoin so we wouldn't be accepting any of their bogus transactions.

This is no different from me opening a beverage factory, putting some muddy water in cans, and calling my product 'Coke'. I might be able to fool some people who've never experienced the real thing, but no-one who knew what Coke was would touch it.
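
The genesis-hash check described in the post above, as an added example that is not part of the original post or the Bitcoin client's own code: it rebuilds the 80-byte mainnet genesis header from its publicly documented field values, double-SHA-256 hashes it, and rejects a chain whose first block differs. The function names and the impostor header are constructed for illustration.

```python
import hashlib
import struct

# Publicly documented mainnet genesis block hash (byte-reversed display form).
MAINNET_GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

def build_header(version, prev_hash, merkle_root, timestamp, bits, nonce):
    """Serialize an 80-byte block header; hashes are passed as display-order hex."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))

def block_hash(header):
    """Double SHA-256 of the header, returned in the usual byte-reversed hex."""
    if len(header) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()[::-1].hex()

def target_from_bits(bits):
    """Expand the compact 'bits' field into the full proof-of-work target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def accept_as_mainnet(first_header):
    """Accept a chain only if its first block is the known genesis block
    and that block meets the proof-of-work target it declares."""
    digest = block_hash(first_header)
    bits = struct.unpack_from("<I", first_header, 72)[0]  # bits sit at offset 72
    meets_pow = int(digest, 16) <= target_from_bits(bits)
    return digest == MAINNET_GENESIS_HASH and meets_pow

GENESIS_FIELDS = dict(
    version=1,
    prev_hash="00" * 32,
    merkle_root="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505,
    bits=0x1D00FFFF,
    nonce=2083236893,
)
REAL_GENESIS = build_header(**GENESIS_FIELDS)
# Constructed impostor: identical fields except a later timestamp, standing in
# for the first block of a relaunched network that reuses the project's name.
IMPOSTOR_GENESIS = build_header(**{**GENESIS_FIELDS, "timestamp": 1280600000})

if __name__ == "__main__":
    print("real genesis accepted:    ", accept_as_mainnet(REAL_GENESIS))
    print("impostor genesis accepted:", accept_as_mainnet(IMPOSTOR_GENESIS))
```

Changing any header field changes the hash, so a rebranded network cannot present a different first block under the real chain's identity, whoever controls the domain name.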


Title: Re: Implementation bug prior to 0.3.6
Post by: mizerydearia on August 10, 2010, 12:24:18 AM
> Eventually patches to the source would accumulate, someone will become a patch collector, and if enough people download the source&binaries from The Patch Collector, that person winds up (often reluctantly) the new de facto maintainer.

Distributed patch collection --> http://www.bitcoin.org/wiki/doku.php?id=list_of_patches