< luke-jr>
gmaxwell: I did raise it as a concern here over a day earlier..
< luke-jr>
not sure why he's calling you incompetent; as you say, you had nothing to do with it O.o
< gmaxwell>
18:58 < achow101> luke-jr: there was an announcement for it
< gmaxwell>
I dunno I get called incompetent because of things random people I've never heard of before on twitter says too. People can't grok decenteralization, so apparently every participant is the bitcoin project is jointly and severally responsible for everything every supporter says. or something. :P
< luke-jr>
XD
< gmaxwell>
though it sucks more when its the guy controlling bitcoin.org doing it.
< harding>
luke-jr: I've tried several times and even screwed around with the form parameters and HTTP headers, and I can't get it to send me a sign-up email or emit any debugging information, so I'm pretty sure the software is some kind of broke or another. I'll email btcdrak to see if there's something simple he can kick if he's around.
< luke-jr>
:/
< harding>
kanzure: is the bitcoin-dev mailing list being migrrated to another host? If so, do you think it'd also be able to support an -announce list that only supported sending from the mailman moderator interface?
< Emcy>
all devs who were as ever incredibly responsive with handling the recent bug and getting a patch out quickly, thank you guys. Your effort is apprecieted by me and lots of others very much, keep on trucking
< promag>
Emcy: +1
< kanzure>
mailing list drtails are still in flux, testing some new options soon
< kanzure>
someone was unabale to subscribe to -dev the other day for the same reason nobody was able to approve emails in the mod queue, has since been resolved by unspecified warren action
< kanzure>
i dunno details about existing -announce
< harding>
kanzure: I don't know anything myself except what I can observe from the public site, but if it's not being maintained by btcdrak, it may need to be migrated. I sent him an email; I'll let you know if it's in need of a new host in case that would dovetail with the -dev list stuff. Alternatively, it could probably be set up with whatever service delivers the weekly optech newsletters.
< jarthur>
We don't support Python 2 for the functional tests, right?
< sipa>
not anymore
< jarthur>
gmaxwell: https://github.com/bitcoin/bitcoin/pull/14305 for better or worse, the only other mis-named attribute I could find was in the same functional test module. Included that in the fix, but avoided the one already covered in #14300.
< jnewbery>
optech newsletter uses mailchimp. Seems fine for a weekly newsletter, but I don't know if it's appropriate for a security announcements list.
< harding>
I'd personally prefer to just use mailman, especially if it's being used for the project's other mailing lists. Also the list does all release announcements, not just security announcements. I think maybe it'd be worth considering making the list slightly higher traffic (e.g. monthly emails) and with some unique content (e.g. not exactly the same announcements that get sent to -dev) to increase the chance of readers mentioning
< harding>
delivery problems before we actually really need to send an announcement.
< luke-jr>
harding: higher traffic might result in fewer subscribers
< luke-jr>
if it's using the same tech as another list, however, that should be enough
< luke-jr>
side note: I also should set up a list for Knots announcements, but haven't found a good place to host it
< grafcaps>
#join #c-lightning
< instagibbs>
only asking here since there's no final release yet: what's the expected behavior of chain-specific conf sections with pre-0.17 nodes?
< earlz>
I've repeatedly sent emails to a core dev about this, but the CVE should have the name David Jaenson on it, not mine. He discovered it, I merely reported it. I indicated that credit should go to him when initially reporting this to core devs. https://bitcoincore.org/en/2018/09/20/notice/
< sipa>
luke-jr: ping ^
< sipa>
earlz: oh, you mean the disclosure post on bitcoincore.org, not the CVE itself?
< sipa>
i'll PR a fix if someone doesn't beat me to it (you can do it yourself too)
< earlz>
yes
< earlz>
I just want to make sure the proper person gets credit wherever it's published
< earlz>
I assume the timeline isn't mentioned in the actual CVE
< sipa>
of course; sorry for misreporting at the time - things were just a bit chaotic at the time
< earlz>
understandable
< luke-jr>
the actual CVE doesn't really have much in the way of info, it's just an id and links to other stuff
< luke-jr>
sipa: while editing, it might make sense to give awemany credit for the initial discovery too
< luke-jr>
having trouble thinking of a good way to phrase this, since David didn't make the actual report XD
< luke-jr>
maybe - 19:50 David Jaenson independently discovered the vulnerability, and his colleague earlz reported it to the Bitcoin Core security contact email.
< luke-jr>
?
< gmaxwell>
you can also just use the passive voice
< earlz>
I don't need a mention
< gmaxwell>
'discovered, and it was reported'
< earlz>
David Jaenson independently discovered the vulnerability and it was reported to the Bitcoin Core security contact email
< michagogo>
23:47:12 <sipa> create a 0.13.0 node, sync it to tip, and then upgrade to 0.17+
< provoostenator>
sipa michagogo: indeed I'm on it. Unfortunately I forgot that 0.13 needs a bigger dbcache, so it's a bit slower. At height 481850 now after 7.5 hours.
< provoostenator>
On the bright side, without segwit support, there's (slightly) fewer signatures to verify.
< phantomcircuit>
provoostenator, lol
< michagogo>
haha
< phantomcircuit>
there's a cli tool that uses curses to search source for stuff
< phantomcircuit>
i cant remember what it's called
< phantomcircuit>
i seem to remember someone here pointing me towards it as better than grepping for things
< cfields>
phantomcircuit: do you mean just 'git grep' ?
< cfields>
it pipes to less if too large
< aj>
instagibbs: entries in configuration sections should be entirely ignored by pre-0.17 nodes (unless maybe #13112 has been backported to make unknown conf options an error)