Re: Bitcoin and Ubuntu
You may want to do the same with Litecoin. On Fri, Dec 13, 2013 at 8:44 AM, Steve Langasek steve.langa...@ubuntu.comwrote: Hi Micha, On Fri, Dec 13, 2013 at 12:00:18AM +0200, Micha Bailey wrote: For these reasons and others, including the Bitcoin software in any stable, no-updates release is not a good thing for Ubuntu users nor for the bitcoin network as a whole. There is already a PPA, maintained by Matt Corallo, one of the core developers, and linked to from http://bitcoin.org/en/download. Said PPA provides both the Bitcoin software and the BDB 4.8 packages needed for wallet compatibility with the software on other platforms. Over at Debian, their Bitcoin Packaging Team has been maintaining the package, keeping it in the unstable branch (sid) only, where it is allowed to be updated with new releases of the software. It is not included in the stable repository (wheezy), nor in testing (jessie). If I understand correctly, Ubuntu doesn't have that kind of release. It is my opinion that, given Ubuntu's methods of managing its software, it would be better to not include Bitcoin in the Ubuntu repositories, unless exceptions to the policies could be made, allowing all supported Ubuntu versions to get the latest updates as they come down from upstream. As a first step, the Bitcoin software should be removed from Trusty's repositories, assuming no exception can be made. Ideally, it would also be removed from the older repositories (Precise, Quantal, Raring, Saucy) if it can't be updated, though I'm told that's significantly harder from the perspective of the standard workflows. Since this package is in unstable only, I agree that it should not be included in Ubuntu. I've removed the package from trusty now and blacklisted it so that future versions are not synced from Debian (https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1260602). Unfortunately, it is not feasible to remove the package from stable releases. If there are versions of the package in stable releases that are actively harmful, we could accept an SRU that disables the problematic parts on upgrade (with a suitable notice). -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
Re: Bitcoin and Ubuntu
On Thu, Dec 12, 2013 at 10:44:33PM -0800, Steve Langasek wrote: Since this package is in unstable only, I agree that it should not be included in Ubuntu. I've removed the package from trusty now and blacklisted it so that future versions are not synced from Debian (https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1260602). We could have demoted it to proposed and held it out with a blocking bug, approximating the unstable only situation in Debian. But I guess removing and blacklisting doesn't hurt my feelings either. My general gut feeling to any developer saying this software isn't good enough to be in a stable release is then it's not good enough to be installed. There will always be one person who installs and never upgrades, after all. ... Adam -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
Re: Bitcoin and Ubuntu
On Fri, Dec 13, 2013 at 08:52:20AM -0700, Adam Conrad wrote: We could have demoted it to proposed and held it out with a blocking bug, approximating the unstable only situation in Debian. But I guess removing and blacklisting doesn't hurt my feelings either. My general gut feeling to any developer saying this software isn't good enough to be in a stable release is then it's not good enough to be installed. There will always be one person who installs and never upgrades, after all. PPAs seem the be closest repository option in Ubuntu, and allow for automatic upgrades when appropriate. Are there other packages like this? Should we set up a more formal procedure for blessed / supported PPAs? Especially with software like Bitcoin, we want to protect users from rogue PPAs. Cheers, Neal McBurnett http://neal.mcburnett.org/ -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
Bitcoin and Ubuntu
Apologies for the cross-post, but I wasn't sure which mailing list would be most appropriate. Also, please note that I am writing this as myself, not as a representative of the Bitcoin project or development community. The Bitcoin software (the codebase maintained at https://github.com/bitcoin/bitcoin, also known as the Satoshi client, including bitcoind, the daemon version of the software, and Bitcoin-Qt, the GUI version of the software) is currently available in Ubuntu's software sources, specifically the Universe branch, as far back as Precise (bitcoind) and Raring (Bitcoin-Qt). There are several problems with the way Bitcoin is being distributed by Ubuntu. In this message, I'd like to mention a few of these, and try and find a way to solve the issues. Bitcoin is not a mature piece of software. It is still in beta, and new versions become available periodically. These new releases vary in nature, from adding new features to fixing bugs, some of which are critical. Bugs that are fixed can be anything from DoS bugs that can allow an attacker to cause nodes to become unresponsive or even crash, to minor graphical glitches in the Bitcoin-Qt GUI, to bugs that can inadvertently cause consensus failures, leading to a fork in the blockchain, such as the March 2013 fork. Some changes may be changes in criteria for transaction relay, such as allowing new transaction types or adjustments to the default fee policy. As I understand it, the way Ubuntu works is that when a new version of Ubuntu comes out, every 6 months, it's considered frozen, and packages that are in the repositories for that version aren't kept up to date. This is a problem for Bitcoin, given its status as a distributed consensus system that relies on the fact that nodes follow the same rules. Debian's version 0.8.3-2 of the package made the switch to using LevelDB included in the upstream code, rather than using the system LevelDB. This is explained in the debian/README.source file. Note, however, that Ubuntu releases prior to Saucy (Raring and older) haven't had this fix applied, which could potentially result in an unpredictable consensus split, as mentioned above. Additionally, there are other issues with the packaging process. Bitcoin, as of version 0.8.0, switched the blockchain indices from using Berkeley DB to using LevelDB. However, BDB is still used in the bitcoin wallet. All upstream release binaries are built using BDB version 4.8. The only version of Ubuntu which includes this version of BDB in its repositories is Lucid. Later versions build their Bitcoin packages with BDB 5.1. The problem with this is that BDB databases are not backwards-compatible with older versions of BDB. Any bitcoin wallet that is touched (created, or even once opened) by a Bitcoin binary built with a version later than 4.8 will become impossible to open with any Bitcoin binary built with an earlier version, which as mentioned includes the vast majority of Bitcoin binaries used on other platforms. This means that the wallet is not portable between platforms as is expected, and the error message is not one that clearly indicates the problem, as the failure originates in BDB and not the Bitcoin software. For these reasons and others, including the Bitcoin software in any stable, no-updates release is not a good thing for Ubuntu users nor for the bitcoin network as a whole. There is already a PPA, maintained by Matt Corallo, one of the core developers, and linked to from http://bitcoin.org/en/download. Said PPA provides both the Bitcoin software and the BDB 4.8 packages needed for wallet compatibility with the software on other platforms. Over at Debian, their Bitcoin Packaging Team has been maintaining the package, keeping it in the unstable branch (sid) only, where it is allowed to be updated with new releases of the software. It is not included in the stable repository (wheezy), nor in testing (jessie). If I understand correctly, Ubuntu doesn't have that kind of release. It is my opinion that, given Ubuntu's methods of managing its software, it would be better to not include Bitcoin in the Ubuntu repositories, unless exceptions to the policies could be made, allowing all supported Ubuntu versions to get the latest updates as they come down from upstream. As a first step, the Bitcoin software should be removed from Trusty's repositories, assuming no exception can be made. Ideally, it would also be removed from the older repositories (Precise, Quantal, Raring, Saucy) if it can't be updated, though I'm told that's significantly harder from the perspective of the standard workflows. -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
Re: Bitcoin and Ubuntu
On Thu, Dec 12, 2013 at 5:00 PM, Micha Bailey michabai...@gmail.com wrote: Apologies for the cross-post, but I wasn't sure which mailing list would be most appropriate. Also, please note that I am writing this as myself, not as a representative of the Bitcoin project or development community. As one of the Debian maintainers for the package, I agree that the network protocol is in such a flux that it is not suitable for stable release yet. Old versions not only hurt users, but pose a threat to the network as a whole. PPAs are more appropriate, at least for the time being. Debian has an RC bug preventing migration to testing for this and other reasons [1]. Perhaps blacklisting bitcoin import from Debian, and removing it from the Ubuntu repositories, is reasonable. This is difficult, because many users rely on the package - and removing it from the repositories will leave them vulnerable. However, keeping the package in the repositories potentially makes more users vulnerable. Another alternative would be to have a MOTU/dev that is interested perform day-of-release backports, and encourage users to enable backports. However, this could create a situation where the stable release contains a harmful version, and only the backport version would be safe to use. This is probably unacceptable to both Ubuntu and Bitcoin. Also, the bitcoin package is only really necessary to run a full node. Users that want to run a wallet can use electrum (in ubuntu and debian) or multibit (not in Debian yet, but someone is working on it). At some point bitcoin should be stable enough that full node software can be included in Ubuntu and Debian releases, but for now it is probably best to use the PPA. Regards, Scott [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272 -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
Re: Bitcoin and Ubuntu
Hi Micha, On Fri, Dec 13, 2013 at 12:00:18AM +0200, Micha Bailey wrote: For these reasons and others, including the Bitcoin software in any stable, no-updates release is not a good thing for Ubuntu users nor for the bitcoin network as a whole. There is already a PPA, maintained by Matt Corallo, one of the core developers, and linked to from http://bitcoin.org/en/download. Said PPA provides both the Bitcoin software and the BDB 4.8 packages needed for wallet compatibility with the software on other platforms. Over at Debian, their Bitcoin Packaging Team has been maintaining the package, keeping it in the unstable branch (sid) only, where it is allowed to be updated with new releases of the software. It is not included in the stable repository (wheezy), nor in testing (jessie). If I understand correctly, Ubuntu doesn't have that kind of release. It is my opinion that, given Ubuntu's methods of managing its software, it would be better to not include Bitcoin in the Ubuntu repositories, unless exceptions to the policies could be made, allowing all supported Ubuntu versions to get the latest updates as they come down from upstream. As a first step, the Bitcoin software should be removed from Trusty's repositories, assuming no exception can be made. Ideally, it would also be removed from the older repositories (Precise, Quantal, Raring, Saucy) if it can't be updated, though I'm told that's significantly harder from the perspective of the standard workflows. Since this package is in unstable only, I agree that it should not be included in Ubuntu. I've removed the package from trusty now and blacklisted it so that future versions are not synced from Debian (https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1260602). Unfortunately, it is not feasible to remove the package from stable releases. If there are versions of the package in stable releases that are actively harmful, we could accept an SRU that disables the problematic parts on upgrade (with a suitable notice). -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: Digital signature -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu