Arto Bendiken [ARCHIVE] on Nostr
📅 Original date posted: 2013-10-04
📝 Original message:

On Fri, Oct 4, 2013 at 1:35 PM, Peter Todd <pete at petertodd.org> wrote:
> The second caveat is more specific to Bitcoin: people tend to rebase
> their pull-requests over and over again until they are accepted, but
> that also means that code review done earlier doesn't apply to the later
> code pushed. Bitcoin is a particularly high profile, and high profit,
> target for people trying to get malicious code into the codebase.

On that note, this 2003 example of an attempt to backdoor the Linux
kernel is pertinent:

http://lwn.net/Articles/57135/

The backdoor in question came down to a single missing character,
easily overlooked by a reviewer if a spotlight hadn't been thrown on
it for other reasons. Compromising a Bitcoin implementation isn't
going to be as easy as that, one would hope, but certainly it seems
only a matter of time until there's an attempt at it.

Following these code review discussions with much interest.

--
Arto Bendiken | @bendiken | http://ar.to/

Published at 2023-06-07 15:07:19