Bitcoin Forum
December 02, 2016, 10:20:54 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Please remove Bitcoin from Sourceforge.net  (Read 4994 times)
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
August 17, 2011, 10:08:00 AM
 #1

It has come to my attention that Sourceforge only does what the U.S.A. government wants, so it isn't the right place to host the Bitcoin client nor the bitcoin.org website.

You can see what i mean here: http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#ProhibitedPersons

It came to my knowledge because of this thread: https://bitcointalk.org/index.php?topic=37402.0

Probably you guys chosen the wrong place to host such a project.
Free hosting is good, allright, but not when it comes with this price tag Wink

If they let the US government tell them what to do, i ask: What's next? Giving the authorities access to repositories so they can install backdoors?

I think this is a very serious issue and I bet a lot of people will agree with me.

Let the discussion begin!

PS: Sorry for not being eloquent enough but I guess you all understand what I want to say.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480717254
Hero Member
*
Offline Offline

Posts: 1480717254

View Profile Personal Message (Offline)

Ignore
1480717254
Reply with quote  #2

1480717254
Report to moderator
1480717254
Hero Member
*
Offline Offline

Posts: 1480717254

View Profile Personal Message (Offline)

Ignore
1480717254
Reply with quote  #2

1480717254
Report to moderator
N.Z.
Sr. Member
****
Offline Offline

Activity: 449



View Profile
August 17, 2011, 10:17:15 AM
 #2

Why "remove"? It`s not a Bitcoin way Wink Add some mirrors, diversification will solve the problem.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
August 17, 2011, 10:23:15 AM
 #3

Why "remove"? It`s not a Bitcoin way Wink Add some mirrors, diversification will solve the problem.

Do you think it's a good idea to take the risk?

I'm fully aware that the source code is hosted on github, but I'm also aware that 90% or more of Bitcoin installs come from the exe's on sourceforge.

I know I'm not trusting SourceForge anymore...
If they are willing to punish people that live under oppressive regimes just for fear of US law i wonder what else will they do when said law "asks"* them...
*forces them to

captainteemo
Full Member
***
Offline Offline

Activity: 145


View Profile
August 17, 2011, 12:37:56 PM
 #4

It has come to my attention that Sourceforge only does what the U.S.A. government wants, so it isn't the right place to host the Bitcoin client nor the bitcoin.org website.

You can see what i mean here: http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#ProhibitedPersons

It came to my knowledge because of this thread: https://bitcointalk.org/index.php?topic=37402.0

Probably you guys chosen the wrong place to host such a project.
Free hosting is good, allright, but not when it comes with this price tag Wink

If they let the US government tell them what to do, i ask: What's next? Giving the authorities access to repositories so they can install backdoors?

I think this is a very serious issue and I bet a lot of people will agree with me.

Let the discussion begin!

PS: Sorry for not being eloquent enough but I guess you all understand what I want to say.


This is a requirement by all US based companies. No exceptions, this includes github, googlecode, et al

Quote
Cryptographic software is subject to the US government export control and economic sanctions laws (“US export laws”) including the US Department of Commerce Bureau of Industry and Security’s (“BIS”) Export Administration Regulations (“EAR”, 15 CFR 730 et seq., http://www.bis.doc.gov/). You may also be subject to US export laws, including the requirements of license exception TSU in accordance with part 740.13(e) of the EAR. Software and/or technical data subject to the US export laws may not be directly or indirectly exported, reexported, transferred, or released (“exported”) to US embargoed or sanctioned destinations currently including Cuba, Iran, North Korea, Sudan, or Syria, but any amendments to this list shall apply. In addition, software and/or technical data may not be exported to any entity barred by the US government from participating in export activities. Denied persons or entities include those listed on BIS’s Denied Persons and Entities Lists, and the US Department of Treasury’s Office of Foreign Assets Control’s Specially Designated Nationals List. The country in which you are currently located may have restrictions on the import, possession, use of encryption software. You are responsible for compliance with the laws where You are located.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
August 17, 2011, 12:44:56 PM
 #5


This is a requirement by all US based companies. No exceptions, this includes github, googlecode, et al


Yes, yes, but... does it make it right?

Or is Bitcoin also bending over and let the US government do as he pleases?

EDIT: Why doesn't Bitcoin have it's own servers in a less restrictive country and hosts all the code themselves instead of relying in companies that have to follow US rulings, no matter how unfair they are?

Or will they just kill the project as soon as the US government says Bitcoin should die?

captainteemo
Full Member
***
Offline Offline

Activity: 145


View Profile
August 17, 2011, 12:47:12 PM
 #6


This is a requirement by all US based companies. No exceptions, this includes github, googlecode, et al


Yes, yes, but... does it make it right?

Or is Bitcoin also bending over and let the US government do as he pleases?

No, but your thing about getting it off sourceforge is pointless because it makes no difference.
In any case, the source is out there, so it doesn't matter. SF is just a mirror at this point.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
August 17, 2011, 12:49:04 PM
 #7

SF is just a mirror at this point.

No it isn't... It's the only official place from where people can get compiled binaries.

captainteemo
Full Member
***
Offline Offline

Activity: 145


View Profile
August 17, 2011, 12:50:34 PM
 #8

SF is just a mirror at this point.

No it isn't... It's the only official place from where people can get compiled binaries.
Why would people be dumb enough to trust compiled binaries? Compile from source, audit the source.

jackjack
Hero Member
*****
Offline Offline

Activity: 868


May Bitcoin be touched by his Noodly Appendage


View Profile
August 17, 2011, 12:55:21 PM
 #9

I'm sure 60+% of bitcoiners are dumb enough to use these binaries

I'm about to post a poll in the discussion forum, we'll see

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Xephan
Jr. Member
*
Offline Offline

Activity: 42


View Profile
August 17, 2011, 01:37:56 PM
 #10

SF is just a mirror at this point.

No it isn't... It's the only official place from where people can get compiled binaries.
Why would people be dumb enough to trust compiled binaries? Compile from source, audit the source.

You obviously live in your own personal fantasy world.

If bitcoin is ever going to be successful, the _vast_ of folks who are going to end up
running the client won't have the first clue about compiling anything (as a matter of
fact, that's probably already the case).

Of those actually capable of compiling a client, very few have the expertise to read
C++ code (and the client is non trivial code, to say the least). A quick search through
these forums for clamors of "please provide latest binary release of XXX" should be
have been your first clue.

Finally of the very tiny minority of peoplecapable of both compiling and reading C++
code, who the @&%$@ has the time to check every new commit against the code base ?

Puh-lease.

I would tend to agree with the OP: hosting the official clients on a site that abides by
US rules is unhealthy. I'd pick a place like a site hosted in sweden for official, checksummed
new releases and just mirror the stuff wherever.



+1 for this post.

There are still too many Bitcoiners who don't realize that in order for Bitcoin to succeed, it MUST be accessible to the general public whose experience with new software is simply download and click-click-click.

186q9YUW3x8TVHC5aYBEqgZZYMxft8Cw9f
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
August 17, 2011, 03:34:05 PM
 #11

SF is just a mirror at this point.

No it isn't... It's the only official place from where people can get compiled binaries today.

Fixed that for ya.

Do you really think it will be hard to put binaries up on a different mirror some day if we need to?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
August 17, 2011, 03:40:11 PM
 #12

Do you really think it will be hard for the US gov to make sourceforge put backdoored binaries up on the only mirror we have today?

Fixed that for ya

Now on a serious note: Usually I'm not the ultra-paranoid freak type, but do you think Satoshi never came forward with his identity just because? The invention of Bitcoin would be a great thing in anybodys' resume, but he chose to hide because he knew about the powerful enemies he would face if he didn't.
Now, you are giving the power to a US controlled institution to f*** us without us even knowing about it.

Leave the binaries there if you think it's the right thing to do. Move them in a hurry after the trouble comes if you think that's the best thing to do. Just don't say you weren't warned or that you didn't knew about it when it happens.

For a project that is all about decentralization i see it too much centralized in the US, even worse, the source code is hosted in servers under the power of US law.

Let's see how it rolls. After all Bitcoin was like that from the start. Too bad that the only person who seemed to ever think about the dangers of this was the creator, and he's gone.

twobits
Sr. Member
****
Offline Offline

Activity: 336

Firstbits: 1a6taw


View Profile
August 17, 2011, 03:54:03 PM
 #13

Sometimes you have to pick your battles.  There are enough other ones looming on the horizon to not give the government this one as an easy excuse to go after the devs based in the USA.   

I do think the distribution is a bit lax.  They should at least be being signed.  This would allow mirrors to be made and a way to still check that what you get was ok.  Once this is done,  the issue should be solvable by people that want to solve it. If that issue is providing more global access to the bitcoin binaries anyway.  Are there any bridge counties?  Like could someone in China download it, then provide it to N Koreans?


Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
August 17, 2011, 03:54:41 PM
 #14

Do you really think it will be hard for the US gov to make sourceforge put backdoored binaries up on the only mirror we have today?

Fixed that for ya

We would notice within hours if they did that. You see, the SHA-1 hashes of all official releases are PGP signed by a trusted developer, and people DO check them every now and then. It'd be great if we had a bot check them, though.

zellfaze
Full Member
***
Offline Offline

Activity: 142


Security Enthusiast


View Profile WWW
August 17, 2011, 03:58:21 PM
 #15

I would suggest mirrors in the Netherlands and Sweden.  Both are fairly nonrestrictive countries as far as I know.

Anyone want to volunteer to do this?  I'm sure we could find a host that would accept Bitcoins even, or just do it for free.

A+, CCENT, CCNA
Security Enthusiast
PHP Coder

Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
twobits
Sr. Member
****
Offline Offline

Activity: 336

Firstbits: 1a6taw


View Profile
August 17, 2011, 04:03:38 PM
 #16

Do you really think it will be hard for the US gov to make sourceforge put backdoored binaries up on the only mirror we have today?

Fixed that for ya

We would notice within hours if they did that. You see, the SHA-1 hashes of all official releases are PGP signed by a trusted developer, and people DO check them every now and then. It'd be great if we had a bot check them, though.

Thats good. I was surprised that it seemed like they are not.  Would be good to use two different hashes or at least not sha-1 anymore.  Also, it is not obvious at all from the bitcoin.org page.  I just see link to downloads of the binaries, where are the links to the signatures?

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
August 17, 2011, 04:05:45 PM
 #17

We would notice within hours if they did that. You see, the SHA-1 hashes of all official releases are PGP signed by a trusted developer, and people DO check them every now and then. It'd be great if we had a bot check them, though.

Yes, I understand that. I also know that people like Dan Kaminsky review the source code or at least did it once and said it was a ugly like hell but very well thought-off and bug-free.
But I also remember this and this

aq
Full Member
***
Offline Offline

Activity: 238


View Profile
August 17, 2011, 04:28:58 PM
 #18

who the @&%$@ has the time to check every new commit against the code base ?
I think you guys have a wrong picture about the "development" of bitcoin.
Basically, there is almost no development going on, I would at best call it maintenance.
I don't believe that there are even 10 lines of *code* changes commited on average per day, so one could probably even teach his grandma to review those Smiley
zellfaze
Full Member
***
Offline Offline

Activity: 142


Security Enthusiast


View Profile WWW
August 17, 2011, 05:35:10 PM
 #19

Perhaps in addition to moving off of SF a yearly audit of the code should be required.

We could make it a contest.  Pay BTC to those who find the most severe security flaws, just like Google does.  I would donate to doing that.

A+, CCENT, CCNA
Security Enthusiast
PHP Coder

Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
August 17, 2011, 06:30:30 PM
 #20

Because people in iran "or any other country's listed" cannot access sourceforge, you want bitcoin not to be hosted on SF?
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!