On Thu, Nov 18, 2021 at 09:29:24PM +0100, Prayank via bitcoin-dev wrote: > After reading all the emails, personally experiencing review process > especially on important issues like privacy and security, re-evaluating > everything and considering the time I can spend on this, I have decided to do > this exercise for 3 projects with just 1 account. I have created a salted > hash for the username as you had mentioned in the first email: > f40bcb13dbcbf7b6245becb757777586c22798ed7360cd9853572152ddf07a39 > 3 Bitcoin projects are Bitcoin Core (full node implementation), LND (LN > implementation) and Bisq (DEX). > Pull requests will be created in next 6 months. If vulnerability gets caught > during review, will publicly announce here that the project caught the PR and > reveal the de-commitment publicly. If not caught during review, will > privately reveal both the inserted vulnerability and the review failure via > the normal private vulnerability-reporting channels. A summary with all the > details will be shared later.
It's now been nine months since this email, but I don't believe there's been any public report on this exercise. Does this mean that a vulnerability has been introduced in one or all of the named projects? Cheers, aj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev