https://bugzilla.redhat.com/show_bug.cgi?id=1020292

Warren Togami <wtog...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(wtog...@gmail.com |
                   |)                           |



--- Comment #29 from Warren Togami <wtog...@gmail.com> ---
Sorry for the delay.  Long story short, upstream Bitcoin recommends extreme
caution against shipping Bitcoin linked against the heavily patched openssl
that Fedora uses.  Upstream openssl has proven to be buggy and hazardous to
consensus due to unexpected behaviors on different architectures, and they do
not have the bandwidth to double-check bug-for-bug compatibility with another
variant that is Fedora's openssl.

https://github.com/bitcoin/secp256k1
The next major release of Bitcoin within months will switch the
consensus-critical portion of secp256k1 ECDSA signing and validation to a
super-optimized and 2-year audited internal implementation that will be much
safer.

The upstream recommendation is to HOLD on shipping Bitcoin in Fedora until the
new version is available.  The possibility of breaking the Bitcoin network due
to a large quantity of nodes having a subtly different rule is not only a
hypothetical problem.  The security issue recently fixed in BIP66 would have
been a way to break the network accidentally or intentionally.

There are other challenges in the build that will require discussion with
FESCo.
