Bug#718272: Processed: reopening 718272
FWIW, I brought this up at our weekly developer meeting, and there was also another concern about apt upgrades across softforks: It could be problematic to not deploy a softfork, and problematic to deploy one without the user's consent. I think I recall Debian has a way for packages to interactively prompt the user during upgrade. Maybe if softforks were turned into a runtime option, that could resolve that issue. What do you think? For reference, the meeting log: https://bitcoin.jonasschnelli.ch/ircmeetings/logs/bitcoin-core-dev/2021/bitcoin-core-dev.2021-01-07-19.00.moin.txt Luke On Thursday 07 January 2021 18:24:39 Jonas Smedegaard wrote: > Quoting Luke Dashjr (2021-01-07 18:26:43) > > > We (upstream) already elaborated many years ago, copied here: > > > > http://luke.dashjr.org/tmp/code/20130723-linux-distribution-packaging-and > >-bitcoin.md.asc > > > > At a minimum, to be safe, Debian would need to: > > > > 1) Either: > > 1a) Build with the bundled LevelDB statically linked. > > 1b) Guarantee LevelDB package remains consensus-compatible, including NOT > > fixing any bugs without a proper consensus-compatibility audit. > > 2) Backport (at least) security fixes for Debian's security support > > period. Upstream, we generally only maintain releases for a year or so at > > most. > > Thanks for your input on upstream position on this matter, Luke, and in > particular this condensed summary. It is helpful for Debian to make its > decision. > > > - Jonas
Bug#718272: Processed: reopening 718272
We (upstream) already elaborated many years ago, copied here: http://luke.dashjr.org/tmp/code/20130723-linux-distribution-packaging-and-bitcoin.md.asc At a minimum, to be safe, Debian would need to: 1) Either: 1a) Build with the bundled LevelDB statically linked. 1b) Guarantee LevelDB package remains consensus-compatible, including NOT fixing any bugs without a proper consensus-compatibility audit. 2) Backport (at least) security fixes for Debian's security support period. Upstream, we generally only maintain releases for a year or so at most. Luke On Thursday 07 January 2021 13:51:50 Jonas Smedegaard wrote: > Quoting Debian Bug Tracking System (2020-12-27 19:33:02) > > > Processing commands for cont...@bugs.debian.org: > > > reopen 718272 > > > > Bug #718272 {Done: Jonas Smedegaard } [src:bitcoin] > > upstream does not support stable releases (block migration to testing) > > Bug reopened > > Ignoring request to alter fixed versions of bug #718272 to the same > > values previously set > > > > > thanks > > > > Stopping processing here. > > > > Please contact me if you need assistance. > > I consider Bitcoin suitable for release with stable Debian. > > If seciurity team or others disagree with that, then please elaborate on > your concerns. > > > - Jonas
Bug#900930: CVE-2018-10057 CVE-2018-10058
The severity is wrong on this. The first one is a very minor issue (only the admin can trigger it), and the second one is not a bug at all. On Wednesday 06 June 2018 21:01:42 Moritz Muehlenhoff wrote: > Package: bfgminer > Severity: grave > Tags: security > > http://www.openwall.com/lists/oss-security/2018/06/03/1
Bug#718272: [Pkg-bitcoin-devel] Bug#718272: Bitcoin still not ready for stable release in Debian
On Friday 03 November 2017 1:27:24 PM Jonas Smedegaard wrote: > Quoting Luke Dashjr (2017-11-03 11:25:23) > > > On Friday 03 November 2017 9:10:37 AM you wrote: > >> I believe Bitcoin is now stable enough for stable release. > > > > Things have only gotten less stable upstream since 2013... > > Please provide references supporting that. Back in 2013 (0.8.0 release), I was still supporting stable versions 0.4.x (originally released in 2011), 0.5.x (OR 2011), 0.6.x (OR 2012), and 0.7.x (OR 2012). No such long-term support is provided anymore - we only maintain the most recent 2 versions (with a 6 month release schedule), which gives approximately 1 year of support to any particular release. Furthermore, with increasing miner hostilities to Bitcoin in the last few years, the importance of timely deployment of softforks is even more crucial to security than previously. This past August, there was a fear that miners would violate the new softfork rules, causing a chainsplit. If that had occurred, obsolete nodes would have been vulnerable. > > What is the plan for getting security and protocol change updates > > backported to Debian stable? > > Debian standard procedures for updating stable packages. In my experience, that has been "never update, even when fixes are available" except for highly-visible security issues. :( Luke
Bug#718272: Bitcoin still not ready for stable release in Debian
On Friday 03 November 2017 9:10:37 AM you wrote: > I believe Bitcoin is now stable enough for stable release. Things have only gotten less stable upstream since 2013... What is the plan for getting security and protocol change updates backported to Debian stable? Luke
Bug#858377: libblkmaker outdated in Debian
BFGMiner should work just fine with the git version of libblkmaker, and doesn't require libblkmaker to work correctly in many common cases. The simplest solution would be to simply bump libblkmaker.
Bug#801273: installation-reports: CPU burnin never stops
Package: installation-reports Severity: minor Dear Maintainer, * What led up to the situation? Chose the CPU burnin option of the installer, and chose 10 minutes runtime. * What exactly did you do (or not do) that was effective (or ineffective)? Let it run the full 10 minutes. * What was the outcome of this action? cpuburnP6 continued running throughout the rest of the install in the background, not merely the timed 10 minutes. * What outcome did you expect instead? I expected the timer to stop it when it was done. Using the target's top command allowed me to kill the processes, which worked fine and did not disrupt the rest of the install. -- Package-specific info: Boot method: CD Image version: debian-7.8.0-amd64-netinst.iso Date: 2015-10-08 ~6 AM UTC Machine: Xeon E3-1240 Partitions: n/a Base System Installation Checklist: [O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it Initial boot: [O] Detect network card:[O] Configure network: [O] Detect CD: [O] Load installer modules: [O] Clock/timezone setup: [O] User/password setup:[O] Detect hard drives: [O] Partition hard drives: [O] Install base system:[O] Install tasks: [O] Install boot loader:[O] Overall install:[O]
Bug#744969: (no subject)
I, too, would like to see CURVE support in Debian's libzmq3. Honestly, I don't see how it's useful without it - everything is cleartext! -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#753602: bfgminer: won't connect; some kind of issue with libcurl
On Thursday, July 03, 2014 1:43:08 PM Folkert van Heusden wrote: I try to mine at btcguild. I use the command-line they suggest (apart from the --api* of course): /usr/bin/bfgminer --syslog -o stratum+tcp://eu-stratum.btcguild.com: -u flok_1 -p 123 -S erupter:all --api-listen --api-network --icarus-options 115200:1:1 --icarus-timing 3.0=100 This doesn't work: Looks like PEBKAC to me. The error says it all: Jul 3 15:37:19 neo bfgminer[24326]: pool 0 JSON stratum auth failed: (null) Check your username, I don't think BTCGuild cares about the password. Luke -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#718272: [Pkg-bitcoin-devel] Bug#718272:
On Wednesday, June 25, 2014 6:53:57 PM Scott Howard wrote: On Wed, Jun 25, 2014 at 2:50 PM, Scott Howard showard...@gmail.com wrote: Thank you, Chris. I think you articulated the situation well and the options. one more thing: debian is discussion dropping libdb (the db the node, but not the wallet, uses). That might force our hand as well: either ship and support upstream's included libdb or drop the node and just ship the wallet. libdb long-term security maintenance might be challenging. You mean LevelDB? Debian should use the embedded copy regardless, due to the consensus-critical requirements. It is not possible to build BCCore wallets without the node at this time. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#751655: [Pkg-bitcoin-devel] Bug#751655: Bug#751655: bfgminer: Please upload new version: 4.2.0 [WONTFIX]
On Monday, June 16, 2014 1:14:44 PM Dmitry Smirnov wrote: Bad news: I had a look at tarball which includes ccan-upstream/* files and I must say that I dramatically underestimated the mess which is there. There are so many files and licenses but also tarballs with who-knows-what. IMHO packaging this mess do not worth the effort -- it is simply too time consuming not to mention that I'm uncomfortable to upload it as is without DFSG-cleanup. I committed updated debian/copyright with all changes except for ccan- upstream/*. For now I leave package as is in hope that upstream tarball will undertake cleanup to leave only what's necessary under ccan-upstream till next release. Actually, I had intended to minimise the tarball size since before 4.0, but only noticed it failed when confirming the files were there for you. Future releases will include only: ccan/{build_assert,cast,compiler,opt,typesafe_cb} licenses/{CC0,GPL-3,LGPL-2.1} It is also safe to delete anything other than these in the current releases. Luke -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#751655: [Pkg-bitcoin-devel] Bug#751655: bfgminer: Please upload new version: 4.2.0
On Sunday, June 15, 2014 8:50:55 PM Dmitry Smirnov wrote: On Sun, 15 Jun 2014 19:43:27 Luke Dashjr wrote: That's under the ccan-upstream/ path I mentioned. I'm not sure why it's failing there, though, since the file is included in all the txz files. :/ -rw-rw-r-- luke-jr/luke-jr 11804 2014-02-06 03:50 bfgminer-4.0.0/ccan- upstream/ccan/opt/helpers.c Unfortunately, ccan-upstream/* files are missing from tarball that I downloaded from github: https://github.com/luke-jr/bfgminer/archive/bfgminer-4.2.0.tar.gz I realise that complete tarballs are no longer to be found on Github hence I'm switching package watch file to monitor the following location: http://luke.dashjr.org/programs/bitcoin/files/bfgminer/ GitHub tarballs have always been broken/unsupported. ;) Luke -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#751655: Bug#751655: bfgminer: Please upload new version: 4.2.0
On Sunday, June 15, 2014 9:05:13 PM Vagrant Cascadian wrote: On Sun, Jun 15, 2014 at 06:52:47PM +1000, Dmitry Smirnov wrote: On Sun, 15 Jun 2014 00:55:04 Vagrant Cascadian wrote: I didn't need to do any changes to the packaging, other than adding an updated debian/changelog with the new version. May I ask where did you get complete upstream tarball? The one I downloaded from Github seems to be missing ccan/* files that were included to previous releases... I manually built the tarballs from git, and checked out the specific version of ccan and built an .orig-ccan-upstream.tar.gz out of the commit listed in the git submodules... so I haven't actually used the tarball(s) from upstream. Maybe upstream needs to update their release process, or at least clarify how to get the ccan tarball? Production of the official source tarballs is automated by the make-release script in git. Luke -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#748306: Macros swap32tole and swap32tobe missing typecast to void or need void*
Sounds like a straightforward fix to cast the memmove to (void) as well. As I cannot reproduce this warning/error myself, can you confirm this fix is correct? From abccbc643c893726a0dd3aa6d7c7f8a9fd4c38bf Mon Sep 17 00:00:00 2001 From: Luke Dashjr luke-jr+...@utopios.org Date: Sun, 18 May 2014 21:36:24 + Subject: [PATCH] Bugfix: swap32to?e: Ensure conditionals always have the same type --- miner.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/miner.h b/miner.h index 9c00e06..333cad9 100644 --- a/miner.h +++ b/miner.h @@ -690,14 +690,14 @@ static inline void swap32yes(void*out, const void*in, size_t sz) { // end #ifdef WORDS_BIGENDIAN -# define swap32tobe(out, in, sz) ((out == in) ? (void)0 : memmove(out, in, sz)) +# define swap32tobe(out, in, sz) ((out == in) ? (void)0 : (void)memmove(out, in, sz)) # define LOCAL_swap32be(type, var, sz) ; # define swap32tole(out, in, sz) swap32yes(out, in, sz) # define LOCAL_swap32le(type, var, sz) LOCAL_swap32(type, var, sz) #else # define swap32tobe(out, in, sz) swap32yes(out, in, sz) # define LOCAL_swap32be(type, var, sz) LOCAL_swap32(type, var, sz) -# define swap32tole(out, in, sz) ((out == in) ? (void)0 : memmove(out, in, sz)) +# define swap32tole(out, in, sz) ((out == in) ? (void)0 : (void)memmove(out, in, sz)) # define LOCAL_swap32le(type, var, sz) ; #endif -- 1.8.5.5