-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hash: SHA256 Hash: SHA512 Linux distribution packaging and Bitcoin ======================================== 2013-07-23 This note summarises the dangers inherent in the Linux distribution packaging model for Bitcoin, and forms a request from upstream maintainers to not distribute Bitcoin node software as part of distribution package repositories without understanding the special requirements of Bitcoin. Distributors typically unbundle internal libraries and apply other patches for a variety of generally good reasons, including ensuring that security-critical fixes can be applied once, rather than multiple times for many different packages. In most cases, the common distribution packaging policy has many advantages. However, Bitcoin nodes are an unusual category of software: they implement a complex group consensus in which every client verifies the behaviour of every other exactly. Even an exceptionally subtle change - including apparently harmless bugfixes - can cause a failure to reach consensus. A consensus failure of one client is a security risk to the user of that client. A significant number of nodes failing to reach consensus - as happened in March 2013 due to a change in database libraries[1] - is a critical problem that threatens the functionality and security of the system for all users. For this reason, it is _vital_ that as much of the network as possible uses _unmodified_ implementations that have been carefully audited and tested, including dependencies. For instance, if the included copy of LevelDB in bitcoind is replaced by a system-wide shared library, _any_ change to that shared library requires auditing and testing, a requirement generally not met by standard distributor packaging practices. Because distributed global consensus is a new area of computer science research, the undersigned request that distributors refrain from packaging Bitcoin node software (including bitcoind and Bitcoin-Qt) and direct users to the upstream-provided binaries instead _until they understand the unique testing procedures and other requirements to achieve consensus_. Beyond being globally consistent, upstream binaries are produced using a reproducible build system[2], ensuring that they can be audited for backdoors. 1. https://en.bitcoin.it/wiki/BIP_0050 2. http://gitian.org/ -----BEGIN PGP SIGNATURE----- Comment: Gavin Andresen iQIcBAEBCgAGBQJR7x3ZAAoJECnZ7msfxzDBe7gP/RghjFG2hAR5iDkeJc0g/tMS lXPXo6qbwujJxaEyH6b5NHncJPtv7s2DjxMLKFd2YGsmN7y2xujuVQ8J0hjw1SHD qEUytm7xnTe+1avom9ZdVL8RbpexJkjhJKmqSa+LCsV3DP8J71rOdjPMANAXtjSa Qb4pc/9S6CeMwtJsWD14PnWZCetIguHa2E6FHUkeyFcsJoirjTWxtr2pSOHPTuAc hCQ4EjnjmtIdAVkKSjxS+au125A6lVnVAf85gvme6CZJFtqyvcyEZEVqFoBKOL+R OaxGg3GqAr3DsOOfg6k1QDNNanu/2LebkbYxBBb1WhB2sna2t9iv8kN6VWwq0a2i NNiQHRBaQUOgWkh9u9TEeUqnH+zVZk5XwQjNQvjuUhXTALpcAZtsX7WAEKvZnpKB EKyKA9WJStmCy2Uat6r3SMu7j+T9N3Xyvjj+oq2rKuRa5V/9XqcSJLGUPguubqsD ppjbeMUv1jM60GOOkFolXMHzMogCjiunJn365NtTSGl6AmLJa8CPVKJjPWLeh8vI dw8J7+7JDx1NwMB7HMynKe+LD+nM6mOQndPBxxabQkNixHJs+/qP00Jvfz3UobpY RG8JWzGIOEOrmFt1v/qfvGJ3VuVDrkM4Mc2lgmCNPMGc2aYADc62c7y1WLYzRT3g Xgdd40Ze2GLhUCz8tn9Y =kvI8 -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Comment: Gregory Maxwell iEYEARECAAYFAlHt3vkACgkQrIWTYrBBO/pIvgCeMxKKGe68EZSBjhBI19lkNcEN h/sAmwQ/ooPrYe9Th4rtk6xE02vKNer5 =umy6 -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Comment: Luke Dashjr iQQcBAEBCAAGBQJR7uPcAAoJEL0ClCQh9Iif1TIf/j0129J7/0qHPzxVKvemojxl WgE/oSa2wYeWF0zJ5molT5Ox85k/3PXrGjKOc2XOGW6tfpW3eKdBt/28Pwfv3HFM j5ixX3A2it3ZaWrBqa1y8ad5JiHjFeq3F6YPCaEKuJG0eSmCYCG18whIAaWZHQP5 v+s6yGLvGVluRWyAJcFzslRFC/M+ot8FwhZSD/8ANKdesaubi16dZz1WmXgXUfZd AR6gLw/aW+FTzPJhO0VilJoMTGCeUbNfMAlQzlnchhj9VMhYX/o3J2ThDBGJnmp1 KnJiLWn34UQ3BB6JmWII3nhOk5ndhI130L48uzW8hRBWJej9QnE/AYy63W+kA8hB Y8YsTiCNOC02WBz7tlz+m136blw0Ifm0H2LLnx2NBse43hXW74/vhAIboVWJ/deN HCSEsVsHlIsdBZrS0+pYvQDzCHz173lOhocZeeXimykc+C8M5kre4FOYdZquBG1c TUMShzl27PzFpgJZFlECtrNMdT5aICTZ4tn4FQnL9bCl0hv8RW8ieWIR/DqYdHr4 fPmy3TcsPtPdCA/fS0WMudAvebL3+CYfPGlJlvu6RSXXFTW5T9xND430Cfpj5NIe kYSFQ2s09i2wtflPAqphl3uLJ7nXnm67qydLHMOrQJ81rJN67HK6mzdJE77raHXg iiqATBH3wbm6tbM9toWAxB4OD3s2O/JjM6LB10QrE3zXrJK4PIg9KeyQvlcYKmEE fBANJpP7eZaFDXrgoy6f+UM+Ka7KivWxF1qYjeGDfROffpTBNxEJ8PpQDT3D/6OI 8q1cUu0ZJ5eE4fMX1yJ1+8Z1XDMeC38ukOk3270QrBoLY6yQgmcVCQ2yV3EghVF5 WRDv44Fv6QsUKtuzsv2qAg6f6Bq5tQstx7ngoX1P1a61VvOkz174v7WSdMe6prL1 IARtLzOeQO/XmOcdfJg740wsUW5/fpe9WAzg8f5EEZIz95vQ9IVMXNT8N9H9ZPH0 Q1wFW7pOabzzG0HnHvVgUi96pkR33JHAlRO/80djTiMxr+PDCByE8BnAm/nEisHu C9dLu4zpcA1CkPUQo1Ktf/s+7BDrj3RLjJQ5ezTa5xj4xs7G9HBaSMjyJKYU+fRK EEuA6CSDBKKLPYULMUDv1/zgX19LpBpM9zIg0LvxO9LkyKPWE9po2CtJ0C86SBiX i8l0wKKFZZDVe5TKX1h+M8gfhgPtPpagcHNx+UXlHZ/z4jYT/vQod+N0oL4AgxAE bn5Rk39B1AhnvGsEiKNooJSKT1LNIdMS/dJQjNUrV+/iJlA9ze8OC0O9oq9/6v4P P4bpmrY5Jxnvs7bNgpzscOiXnBONgxq2Zt5aU114LbVkvxazRVlSD70wI3w9ITY= =XyEe -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Comment: Peter Todd iQEcBAEBCAAGBQJR7ejEAAoJECSBQD2l8JH7pygH/A9JcHIFxtuEosqi56DVpkWt breOU0kWrjdBIcWqwFBM8ojWjNRF/ovg+ssNQytC9giVtinEgWhuK8mQB7UlOXz/ 5ExQD8P2H1Vn/25vsLfc64ZJtg9ewQ2VgXHDt7blyb3sKTjVWxgNEHBVk7DbjCpX jweD3LjTBxYvXDLfBgxiCTGVoMoD/ner2Yqq5XdJ5KJDIrBiJ703Wih6skCZHUBS pmUdn0rTtrJD0knXrNmpj7/4+nLTmv9uILab2Xv6y6rXiCaUNwarNXDs2Xm4DPKn uGxIMBGjWqdqoZM/ohGyFPXLvq5DNHyt96u0QDmKUSpeZ0L+03ZmFtTgQq43VjI= =DjV3 -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Comment: Mark Friedenbach iQIcBAEBAgAGBQJR7uVqAAoJEAdzVfsmodw4hNoQAJVqqmuzIwEZjVUefnaZTvwE Hdg8geZfifSNBvwQACvxZ+a1jXIR9WFXYKsWJxjaQ0RUU32O5vMbiw79+UQm/M9T jFUVuAQgIOkyW+y0vQvW5l/uwlVuM+yP406G4VaMbu5L397IiqENe3Xc2wbAR6xH JWbh6Wkj6yaEjLk3ubhDFFR1j7qiRpNqM/AhiXh7Nr7kCiSe4qaw0yVIDK79sa5P ewLljwLsg7RBorJydasiwnjVQYHi9cnaXPF0olnWEhiWymFpvPEXS0xQ7it7SYz1 8Qk3lsdf8Cdh1rgnwJ1LgR145uJtGL/c2zYhSJ6YZZNV7IpQyKTMNYuNYrwvFAoY 9KSi+0Vmf2o1KzRhEDlZA/vd6UNVbNEEWeThBnavkywEUgD6z4jREFLsXGkwyH1r QKxX8UN9xZrnEu0NUXm6ej4YmwJVl4fMIAESWFScTLHZPv4I8DY6TkGulMXdtCqz hO0olLbHiFu6CyZaqmr8q+aFlEFlAH2J7nAUD47zlcdnE5CzD5i6Wuojz+d5JFpb MWptvjnxV05wkYnVjKfxL9xmPz7prwdc5XPFaEW0yQoWU3Pxju+jULjVfgO5dSky NZwJq4o2wThORZ//so2sADUkKbCrdVmNAh8K16ffInmFMtPjNEjnbVpjKDDuH76r COMi5AwKjkaDS99BYpXf =91cA -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Comment: John Dillon iQEcBAEBCAAGBQJR9WC5AAoJEEWCsU4mNhiPg6UH/2oHzBWBPaQMhH/GCTHQEi5U 7GSRfqwihIs/M2ROHLNq0HhgWR7mPAh5TTI6+tG95FCGCGNZq0seqw9wW4ZyGCoc VueY51q4hcn23405oLD/QGK2lDxxywWY8XtFYVPqAzXTq6zRzgpNJkjoRtOAUOP7 3PrRkimYYyj0KrqFg+cEvZDT27dkeX+5PXM6Ua0o7h/TlhR2RJPhej5DI8cNLXgA f0t+mES4Apb6zLgnEYYlPp22FR9vuFcJO3z1akhVL4DLUMqr58NYHLVnH1FH0Jhn hVuld159QtCjQ5Qyn19cn86akTQJVi+ikCXqaKriCc2jBFX7TCI8WTDc6aSZpsQ= =oX5d -----END PGP SIGNATURE-----