Announcing a Return to our Roots: The All-New Bitcoin Magazine

Linux distribution packaging and Bitcoin

by

         Linux distribution packaging and Bitcoin

This note summarises the dangers inherent in the Linux distribution packaging model for Bitcoin, and forms a request from upstream maintainers to not distribute Bitcoin node software as part of distribution package repositories without understanding the special requirements of Bitcoin.

Distributors typically unbundle internal libraries and apply other patches for a variety of generally good reasons, including ensuring that security-critical fixes can be applied once, rather than multiple times for many different packages. In most cases, the common distribution packaging policy has many advantages.

However, Bitcoin nodes are an unusual category of software: they implement a complex group consensus in which every client verifies the behaviour of every other exactly. Even an exceptionally subtle change – including apparently harmless bugfixes – can cause a failure to reach consensus. A consensus failure of one client is a security risk to the user of that client. A significant number of nodes failing to reach consensus – as happened in March 2013 due to a change in database libraries1– is a critical problem that threatens the functionality and security of the system for all users.

For this reason, it is vital that as much of the network as possible uses unmodified implementations that have been carefully audited and tested, including dependencies. For instance, if the included copy of LevelDB in bitcoind is replaced by a system-wide shared library, any change to that shared library requires auditing and testing, a requirement generally not met by standard distributor packaging practices.

Because distributed global consensus is a new area of computer science research, the undersigned request that distributors refrain from packaging Bitcoin node software (including bitcoind and Bitcoin-Qt) and direct users to the upstream-provided binaries instead until they understand the unique testing procedures and other requirements to achieve consensus. Beyond being globally consistent, upstream binaries are produced using a reproducible build system2, ensuring that they can be audited for backdoors.

Signed,

  • Gavin Andresen
  • Jeff Garzik
  • Gregory Maxwell
  • Luke Dashjr
  • Peter Todd
  • Mark Friedenbach
  1. https://en.bitcoin.it/wiki/BIP_0050
  2. http://gitian.org/

Recommended

Bitcoin Price Analysis: Blowing Through Support Levels on the Way to $3,000

Bitcoin continues to tumble lower and lower as it struggles to claim any footing in the market. It’s down almost 50% in three weeks and it’s showing very little sign of stopping. It’s currently clutching onto the $3,500 values but it doesn’t look like it can hold on much longer.

Bitcoin Schmitcoin

Op Ed: SEC’s Latest Declaration Creates Legal Minefield for Digital Assets

This broad, authoritative declaration is not unexpected, as, to date, the SEC has stated that all digital assets — regardless of whether they function as alt coins or utility tokens — are securities at least initially and, thus, subject to its jurisdiction.

Huhnsik Chung and Nicholas Secara

Op Ed: Cryptocurrency’s Unrealized Opportunities for U.S. Tax Professionals

Tax accountants and firms that specialize in cryptocurrency will emerge to capture and service this market. The first movers will be the ones who stand to capture the oversized profits.

David Kemmerer

Op Ed: Anatomy of the Tether Attack: Are Stablecoins Vulnerable?

Last month's attack on Tether contains a cautionary tale: Only those coins that can survive such attacks have the slightest chance of becoming the “holy grail" of stablecoins.

Henry He