On Mon, Jun 11, 2012 at 4:36 PM, Mike Hearn <m...@plan99.net> wrote: > Unless BDB has some weird behaviour in it, that shouldn't require any
HAHAHA. Have you consider doing comedy full time? Actual BDB files are absolutely not deterministic. Nor is the raw blockchain itself currently, because blocks aren't always added in the same order (plus they get orphans in them) But the serious inter-version compatibility problems as well as poor space efficiency make BDB a poor candidate for read only pruned indexes. > Even if a more complex scheme is used whereby commitments are in the > block chain, somebody still has to verify the binaries match the > source. If that isn't true, the software could do anything and you'd > never know. The binaries distributed by bitcoin.org are all already compiled deterministically and validated by multiple independent parties. In the future there will be a downloader tool (e.g. for updates) which will automatically check for N approvals before accepting an update, even for technically unsophisticated users. This will produce a full chain of custody which tracks the actual binaries people fetch to specific source code which can be audited, so substitution attacks will at least in theory always be detectable. Of course, you're left with Ken Thompson's compiler attack but even that can be substantially closed. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development