Satoshi client auto update - page 2.

ribuck

donator

Activity: 826

Merit: 1060

Quote from: Pieter Wuille on June 16, 2012, 07:24:34 AM

The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.

I understand what you're saying, but it's missing the point to think that an auto-update is OK because it securely guarantees an upgrade to a specific official binary.

If the auto-update somehow installs an official binary that has malicious behavior, it might reach 51% adoption very quickly. If people update by hand, the adoption rate is much slower and there's time for a frantic re-release if a catastrophic problem is discovered, before adoption reaches 51%.

Realpra

hero member

Activity: 815

Merit: 1000

Quote from: Pieter Wuille on June 16, 2012, 07:24:34 AM

The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.

Nifty, but why?

Even the oldest BTC client can send and receive BTC as I understand it.

Sure they aren't all safe and they may crash, but we can assume their users to some extent have taken their precautions.

What if the attacker hacks your admin passes/signatures or in another way corrupts the process?

Just not worth the risk to save 2 seconds in the update process (doing it yourself with a mouse click).

Pieter Wuille

legendary

Activity: 1072

Merit: 1181

The binaries (at least for Windows and Linux) are built using gitian. This system performs the entire compilation process in a tightly controlled virtual machine, using a deterministic build process. This means that all developers (and others, if they like) can do the build themselves, and end up with the exact same binary (byte for byte identical). We then GPG sign the result, and upload it.

The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.

Realpra

hero member

Activity: 815

Merit: 1000

Quote from: ribuck on June 16, 2012, 04:44:26 AM

Quote from: kneim on June 16, 2012, 04:34:22 AM

Yes, minor bugs only with affirmation, major version not.

Yeah, like the rogue bad guy would push a "major version" rather than labelling it a "minor bug fix"!

Anyone who would run any type of Bitcoin software with auto-update enabled doesn't understand what they're dealing with.

I think he meant an update button was okay, but that you ACTUALLY had to press it yourself and that major updates were a no-go, no matter what.

Garr255

legendary

Activity: 938

Merit: 1000

What's a GPU?

Quote from: kokjo on June 16, 2012, 04:45:35 AM

so you want someone, to be able to download and execute unknown code on my machine. FUCK NO!

if you want this less secure auto-update feature, you must fork the code. and i will not use your code.

+1

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

so you want someone, to be able to download and execute unknown code on my machine. FUCK NO!

if you want this less secure auto-update feature, you must fork the code. and i will not use your code.

ribuck

donator

Activity: 826

Merit: 1060

Quote from: kneim on June 16, 2012, 04:34:22 AM

Yes, minor bugs only with affirmation, major version not.

Yeah, like the rogue bad guy would push a "major version" rather than labelling it a "minor bug fix"!

Anyone who would run any type of Bitcoin software with auto-update enabled doesn't understand what they're dealing with.

kneim

legendary

Activity: 1666

Merit: 1000

Quote from: Realpra on June 16, 2012, 03:07:33 AM

Really don't like that:

ONE break in or rogue programmer at the dev team HQ and all trust in bitcoin is destroyed + we loose millions.

Thanks, but no thanks.

Yes, minor bugs only with affirmation, major version not.

Or yet better: A hint in the footer, the update as a button in the menu bar.

Realpra

hero member

Activity: 815

Merit: 1000

Really don't like that:

ONE break in or rogue programmer at the dev team HQ and all trust in bitcoin is destroyed + we loose millions.

Thanks, but no thanks.

Stardust

full member

Activity: 189

Merit: 100

Hopefully not, I don't care about M$ Windows, but no auto update for Linux please.

teste

sr. member

Activity: 312

Merit: 250

Hi,

I see there is a pull to add auto update for Windows, so I would like to suggest:

1- If the update is only bug fixes the update process should go on background (the users will have NO option to deny the update) (something like how Google Chrome update works)
2- If the update has new features, the users will be asked to update but with option to not update.

Question: Any work on auto update for Linux?

Topic: Satoshi client auto update - page 2. (Read 2477 times)