

Note: if you'd prefer to consume this essay in audio format, you can listen to it here (narrated by Guy Swann of the Bitcoin Audible Podcast).

The question of who controls the ability to merge code changes into Bitcoin Core’s GitHub repository tends to come up on a recurring basis. This has been cited as a “central point of control” of the Bitcoin protocol by various parties over the years, but I argue that the question itself is a red herring that stems from an authoritarian perspective - this model does not apply to Bitcoin. It’s certainly not obvious to a layman why that is the case, thus the goal of this article is to explain how Bitcoin Core operates and, at a higher level, how the Bitcoin protocol itself evolves.

The History of Bitcoin Core

Bitcoin Core is a focal point for development of the Bitcoin protocol rather than a point of command and control. If it ceased to exist for any reason, a new focal point would emerge - the technical communications platform upon which it’s based (currently the GitHub repository) is a matter of convenience rather than one of definition / project integrity. In fact, we have already seen Bitcoin’s focal point for development change platforms and even names!

In early 2009 the source code for the Bitcoin project was simply a .rar file hosted on SourceForge.

While there are a handful of GitHub “maintainer” accounts at the organization level that have the ability to merge code into the master branch, this is more of a janitorial function than a position of power. If anyone could merge into master it would very quickly turn into a “too many cooks in the kitchen” scenario. Bitcoin Core follows principles of least privilege, such that any power bestowed on individuals is easily subverted if it is abused.

Core is transparent about the list that matters: the PGP keys who can sign merge commits. The lesson to be learned here is to not trust GitHub! Even Bitcoin Core doesn't know the full list of people who can change the repo, as that extends to probably dozens of GitHub employees. - Peter Todd, October 4, 2018

From an adversarial perspective, GitHub cannot be trusted. Any number of GitHub employees could use their administrative privileges to inject code into the repository without consent from the maintainers. But it’s unlikely that a GitHub attacker would also be able to compromise the PGP key of a Bitcoin Core maintainer.

Rather than base the integrity of the code on GitHub accounts, Bitcoin Core has a continuous integration system that performs checks of trusted PGP keys that must sign every merge commit. While these keys are tied to known identities, it’s still not safe to assume that it will always be the case - a key could be compromised and we wouldn’t know unless the original key owner notified the other maintainers. As such, the commit keys do not provide perfect security either; they just make it more difficult for an attacker to inject arbitrary code.

The Keys to the Kingdom

At the time of writing, these are the trusted PGP fingerprints: 71A3B16735405025D447E8F274810B012346C9A6

These keys are registered to: Wladimir J. van der Laan

Does this mean that we are trusting these five people? Not quite.
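A sketch of the merge-commit signature check this article describes, as an added example that is not Bitcoin Core's own CI code: it reads GnuPG status output (as printed by `git verify-commit --raw`) and accepts a merge only when a single good signature comes from an allowlisted fingerprint. The sample status text, the commit names and the second fingerprint are constructed for illustration.

```python
import subprocess

# The one fingerprint quoted on the page; a real allowlist holds every trusted key.
PAGE_FPR = "71A3B16735405025D447E8F274810B012346C9A6"
OTHER_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed, not a real key
TRUSTED = {PAGE_FPR}
# GnuPG status keywords that must never appear for an acceptable signature.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def trusted_signer(status, trusted=TRUSTED):
    """Primary-key fingerprint if status shows one good allowlisted signature, else None."""
    good, valid = 0, []
    for line in status.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return None
        if parts[1] == "GOODSIG":
            good += 1
        elif parts[1] == "VALIDSIG":
            valid.append(parts[-1].upper())  # last field: primary key fingerprint
    if good != 1 or len(valid) != 1:
        return None
    return valid[0] if valid[0] in trusted else None

def failing_merges(statuses, trusted=TRUSTED):
    """statuses maps commit id -> status text; return the commits that fail."""
    return [c for c, s in statuses.items() if trusted_signer(s, trusted) is None]

def collect_statuses(rev_range):
    """Status text for every merge commit in rev_range of the current repository."""
    merges = subprocess.run(["git", "rev-list", "--merges", rev_range],
                            capture_output=True, text=True, check=True).stdout.split()
    return {c: subprocess.run(["git", "verify-commit", "--raw", c],
                              capture_output=True, text=True).stderr for c in merges}

def sample_status(fpr, head="GOODSIG"):
    """Constructed status text in the shape gpg emits for one signature."""
    return (f"[GNUPG:] NEWSIG\n[GNUPG:] {head} {fpr[-16:]} constructed user\n"
            f"[GNUPG:] VALIDSIG {fpr} 2018-10-04 1538611200 0 4 0 1 8 00 {fpr}\n")

SAMPLE = {  # constructed inputs with placeholder commit names
    "merge-a": sample_status(PAGE_FPR),               # allowlisted key, good signature
    "merge-b": sample_status(OTHER_FPR),              # good signature, unknown key
    "merge-c": "",                                    # unsigned merge, no status lines
    "merge-d": sample_status(PAGE_FPR, "REVKEYSIG"),  # allowlisted key, since revoked
}
```

In a CI job, `failing_merges(collect_statuses("<base>..HEAD"))` should come back empty; the signers' public keys must already be in the runner's keyring for `git verify-commit` to produce these status lines.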
