On Fri, Oct 4, 2013 at 1:35 PM, Peter Todd <p...@petertodd.org> wrote:
> The second caveat is more specific to Bitcoin: people tend to rebase
> their pull-requests over and over again until they are accepted, but
> that also means that code review done earlier doesn't apply to the later
> code pushed. Bitcoin is a particularly high profile, and high profit,
> target for people trying to get malicious code into the codebase.

On that note, this 2003 example of an attempt to backdoor the Linux kernel is pertinent:

http://lwn.net/Articles/57135/

The backdoor in question came down to a single missing character, easily overlooked by a reviewer if a spotlight hadn't been thrown on it for other reasons.

Compromising a Bitcoin implementation isn't going to be as easy as that, one would hope, but certainly it seems only a matter of time until there's an attempt at it.

Following these code review discussions with much interest.

--
Arto Bendiken | @bendiken | http://ar.to/

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development