Bitcoin Forum
July 17, 2019, 03:41:09 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How secure is the bitcoin code at github?  (Read 2051 times)
Mhr3io
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
June 21, 2015, 01:49:41 AM
 #1

how does bitcoin secure the github?
I don't know much about github, but if the code is sitting at github,
what is to stop someone from changing it?

someone please explain this to me, I am interested.
1563334869
Hero Member
*
Offline Offline

Posts: 1563334869

View Profile Personal Message (Offline)

Ignore
1563334869
Reply with quote  #2

1563334869
Report to moderator
1563334869
Hero Member
*
Offline Offline

Posts: 1563334869

View Profile Personal Message (Offline)

Ignore
1563334869
Reply with quote  #2

1563334869
Report to moderator
1563334869
Hero Member
*
Offline Offline

Posts: 1563334869

View Profile Personal Message (Offline)

Ignore
1563334869
Reply with quote  #2

1563334869
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1563334869
Hero Member
*
Offline Offline

Posts: 1563334869

View Profile Personal Message (Offline)

Ignore
1563334869
Reply with quote  #2

1563334869
Report to moderator
1563334869
Hero Member
*
Offline Offline

Posts: 1563334869

View Profile Personal Message (Offline)

Ignore
1563334869
Reply with quote  #2

1563334869
Report to moderator
1563334869
Hero Member
*
Offline Offline

Posts: 1563334869

View Profile Personal Message (Offline)

Ignore
1563334869
Reply with quote  #2

1563334869
Report to moderator
coinableS
Legendary
*
Offline Offline

Activity: 1078
Merit: 1001



View Profile WWW
June 21, 2015, 04:37:38 AM
 #2

In order to change the code or files on github you would have to have commit access to the bitcoin repository.
Any outsider altering the code would have to clone it under a new repository, essentially creating an alt coin that no one would use.

Check out the help section on github. https://help.github.com/

GreenStox
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250



View Profile
June 21, 2015, 09:19:21 PM
 #3

how does bitcoin secure the github?
I don't know much about github, but if the code is sitting at github,
what is to stop someone from changing it?

someone please explain this to me, I am interested.

They would need to hack the github server to change to code.

Or they would need to set up a phishing site with modified code.

Or they would need to set up a malware on your PC that would show other code on the site , when you visit it, but only for you.

              ▄▄▄████▄▄▄
         ▄▄████████████████▄▄
       ▄██████████████████████▄
     ▄██████████████████████████▄
    ██████████████████████████████
   ████████▌████████▀  ▄█████▀   ██
  ██████▌██▌▐█████▀  ▄█████▀   ▄▄███
 ███▌███ ██▌ ███▀   ▄████▀   ▄███████
 ███ ██▌ ▐██ ▐█▀   ████▀   ▄█████████
███▌ ██▌ ▐██▌ ▀█  ███▀    ██████   ███
███▌ ▐█▌  ███  ▀████▀   ▄█████     ███
███▌ ▐██  ██    ▀██▀   ▄████     ▄████
 ██▌  ██▌     █  ▀█   █████     ▄████
 ███  ▀██    ███  ▀█▄████▀    ▄██████
  ███▄    ▄  ▀██▀    ▀▀    ▄████████
   █████████▄    ▄█▄    ▄██████████
    ██████████████████████████████
     ▀██████████████████████████▀
       ▀██████████████████████▀
         ▀▀████████████████▀▀
              ▀▀▀████▀▀▀


BitWings



PRIVATE SALE: UNTIL AUGUST 31



PUBLIC SALE: SEP 1 - NOV 30
Minephone
Whitepaper
Onepager
Linkedin
Twitter
ICO Presentation
Bitdonator
Legendary
*
Offline Offline

Activity: 1168
Merit: 1002


★YoBit.Net★ 1400+ Coins Exchange


View Profile
June 22, 2015, 08:27:38 AM
 #4

Only person who have login information
can acces to github repository.

...its same as any other website, yoo need password
to acces account

Am I spamming? Report me!
Enzyme
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
June 22, 2015, 09:25:22 AM
 #5

It can't be changed by anyone other than the original developers, unless they were to be hacked of course.
cryptoboy.architect
Hero Member
*****
Offline Offline

Activity: 513
Merit: 500


View Profile
June 22, 2015, 09:33:15 AM
 #6

Just as a thought experiment...

If GitHub itself is coerced into serving a modified version of the code, none of the developers can prevent it.
DannyHamilton
Legendary
*
Offline Offline

Activity: 2198
Merit: 1406



View Profile
June 22, 2015, 12:19:47 PM
 #7

The code is duplicated on every developer's computer.

If the github source changes, then every developer will notice when they attempt to synchronize their local code with the server code.

Mhr3io
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
June 23, 2015, 03:20:43 AM
 #8

Only person who have login information
can acces to github repository.

...its same as any other website, yoo need password
to acces account

what if someone working with github has inside ability to get login information?
or do you think people who work at github cannot figure out what someones login or password is at github?
is it a security risk, seeing as how there is money involved with bitcoin?
DannyHamilton
Legendary
*
Offline Offline

Activity: 2198
Merit: 1406



View Profile
June 23, 2015, 03:28:43 AM
 #9

what if someone working with github has inside ability to get login information?
or do you think people who work at github cannot figure out what someones login or password is at github?
is it a security risk, seeing as how there is money involved with bitcoin?

The code is duplicated on every developer's computer.

If the github source changes, then every developer will notice when they attempt to synchronize their local code with the server code.

RussianRaibow
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500

I AM A SCAMMER


View Profile WWW
June 23, 2015, 09:43:16 AM
 #10

Only person who have login information
can acces to github repository.

...its same as any other website, yoo need password
to acces account

what if someone working with github has inside ability to get login information?
or do you think people who work at github cannot figure out what someones login or password is at github?
is it a security risk, seeing as how there is money involved with bitcoin?

You, buddy, clearly do not understand how Open Source repo works. Changing the code in Github wont have any immediate impact on bitcoin. You are still immersed in the paradox of a centrally controlled system.

I AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMERI AM A SCAMMER
cryptoboy.architect
Hero Member
*****
Offline Offline

Activity: 513
Merit: 500


View Profile
June 25, 2015, 10:03:17 AM
 #11

You, buddy, clearly do not understand how Open Source repo works. Changing the code in Github wont have any immediate impact on bitcoin. You are still immersed in the paradox of a centrally controlled system.

You are forgetting that many nodes and vital parts of the ecosystem are configured to automatically sync and update/recompile using what's on GitHub.

Do you think Bitcoin ATMs get manually updated? Another issue is, what if the developers themselves are coerced to sneak something in?

In other words - shouldn't Bitcoin stakeholders be able to vote on who is the authorized developer?
Newar
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


https://gliph.me/hUF


View Profile
June 25, 2015, 10:13:07 AM
 #12

You are forgetting that many nodes and vital parts of the ecosystem are configured to automatically sync and update/recompile using what's on GitHub.[...]

Source?

Sounds like the wrong approach to me. We are dealing with something that has value to some. Remember "being your own bank" - as cool as it may sound - comes with responsibilities as well.


OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
cryptoboy.architect
Hero Member
*****
Offline Offline

Activity: 513
Merit: 500


View Profile
June 25, 2015, 10:19:34 AM
 #13

Source?

Sounds like the wrong approach to me. We are dealing with something that has value to some. Remember "being your own bank" - as cool as it may sound - comes with responsibilities as well.

I remember an exchange was doing auto-updates, but I can't recall the details. Let's hope I'm wrong about that one.

That said, I'm very interested in the implementation of a completely decentralized version of GitHub. I know Git itself by nature is decentralized.

But would be nice if there is a platform that doesn't rely on DNS whatsoever. Perhaps it's still too early for that.
dserrano5
Legendary
*
Offline Offline

Activity: 1904
Merit: 1009



View Profile
June 25, 2015, 10:31:26 AM
 #14

what if the developers themselves are coerced to sneak something in?

This is certainly a problem in bitcoin XT where only… one? two? individual(s) have commit access.
GreenStox
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250



View Profile
June 26, 2015, 02:27:54 AM
 #15

what if the developers themselves are coerced to sneak something in?

This is certainly a problem in bitcoin XT where only… one? two? individual(s) have commit access.

You can still download it and check it does it?

Also when a release comes out, it usually has a checksum and a signature, any alteration after the release is easily detactable..

So if wallet 2.0 comes out, and it has a hash, but if you sneak something shady in it after, it wont match the hash of the 2.0.

              ▄▄▄████▄▄▄
         ▄▄████████████████▄▄
       ▄██████████████████████▄
     ▄██████████████████████████▄
    ██████████████████████████████
   ████████▌████████▀  ▄█████▀   ██
  ██████▌██▌▐█████▀  ▄█████▀   ▄▄███
 ███▌███ ██▌ ███▀   ▄████▀   ▄███████
 ███ ██▌ ▐██ ▐█▀   ████▀   ▄█████████
███▌ ██▌ ▐██▌ ▀█  ███▀    ██████   ███
███▌ ▐█▌  ███  ▀████▀   ▄█████     ███
███▌ ▐██  ██    ▀██▀   ▄████     ▄████
 ██▌  ██▌     █  ▀█   █████     ▄████
 ███  ▀██    ███  ▀█▄████▀    ▄██████
  ███▄    ▄  ▀██▀    ▀▀    ▄████████
   █████████▄    ▄█▄    ▄██████████
    ██████████████████████████████
     ▀██████████████████████████▀
       ▀██████████████████████▀
         ▀▀████████████████▀▀
              ▀▀▀████▀▀▀


BitWings



PRIVATE SALE: UNTIL AUGUST 31



PUBLIC SALE: SEP 1 - NOV 30
Minephone
Whitepaper
Onepager
Linkedin
Twitter
ICO Presentation
dserrano5
Legendary
*
Offline Offline

Activity: 1904
Merit: 1009



View Profile
June 26, 2015, 08:31:55 AM
 #16

what if the developers themselves are coerced to sneak something in?

This is certainly a problem in bitcoin XT where only… one? two? individual(s) have commit access.

You can still download it and check it does it?

Also when a release comes out, it usually has a checksum and a signature, any alteration after the release is easily detactable..

So if wallet 2.0 comes out, and it has a hash, but if you sneak something shady in it after, it wont match the hash of the 2.0.

My concern is after people have switched to XT due do the 8 Mb max block size. In that scenario, and assuming they will be coerced to put some unwanted code (eg. CoinValidation—and Hearn was pretty much for that IIRC), how are we going to switch back to Bitcoin Core? We can pretty much assume we won't, with the result that TPTB will have successfully co-opted bitcoin.

I'd rather see the 8 Mb change in Core, or stay at 1 Mb until more people have governance over XT.
DannyHamilton
Legendary
*
Offline Offline

Activity: 2198
Merit: 1406



View Profile
June 26, 2015, 01:35:58 PM
 #17

what if the developers themselves are coerced to sneak something in?

This is certainly a problem in bitcoin XT where only… one? two? individual(s) have commit access.

You can still download it and check it does it?

Also when a release comes out, it usually has a checksum and a signature, any alteration after the release is easily detactable..

So if wallet 2.0 comes out, and it has a hash, but if you sneak something shady in it after, it wont match the hash of the 2.0.

My concern is after people have switched to XT due do the 8 Mb max block size. In that scenario, and assuming they will be coerced to put some unwanted code (eg. CoinValidation—and Hearn was pretty much for that IIRC), how are we going to switch back to Bitcoin Core? We can pretty much assume we won't, with the result that TPTB will have successfully co-opted bitcoin.

I'd rather see the 8 Mb change in Core, or stay at 1 Mb until more people have governance over XT.

If we reach the point where Bitcoin XT forks the blockchains, and has enough support to matter, perhaps I'll put together a wallet that maintains both blockchains in the same wallet.  That would allow users to access either one, and would provide some competition to prevent Hearn and his associates from implementing unpopular features.  If it comes to that, I'll see about creating some sort of diverse group to handle decisions regarding the software.




hexafraction
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ


View Profile
June 26, 2015, 03:49:41 PM
 #18

The scenario being discussed of someone external (e.g. github staff) tampering with the source isn't valid since it would leave the repo inconsistent due to hashing of commits (which would be evident to anyone interacting with the repo when they have a local copy with some commits). Additionally, tags can be GPG-signed, which additionally prevents tampering since changes would break the signature.

I have recently become active again after a long period of inactivity. Cryptographic proof that my account has not been compromised is available.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!