On 8/26/23 5:03 AM, Antoine Riard wrote:
Hi Matt,
> While you were aware of these fixes at the time, I'd appreciate it if you,
someone who hasn't spent
> much time contributing to LDK over the past two or three years, stop trying
to speak on behalf of
> the LDK project.
While this statement is blatantly false and disregards all the review
You've definitely done some review for some subset of code, mostly the anchors code which was added
not too long ago, but please don't pretend you've reviewed a large volume of the pull requests in
LDK, as far as I understand you have several other projects you focus heavily on, which is great,
but that's not being a major LDK contributor.
and robustness hardening
landed during the last two or three years
In 2022 and 2023 you:
* landed a PR removing yourself from the security-reporting list (#2323, no idea why you're trying
to speak for the project when you removed yourself!)
* fixed one bug in the anchors aggregation stuff before it was released
(#1841, thanks!)
* made some constants public (#1839)
* increase a constant (#1532)
* added a trivial double-check of user code (#1531)
You've also, to my knowledge, never joined the public bi-weekly LDK development calls, don't join
the lightning spec meeting, and don't engage in the public discord discussions where development
decisions are made.
This implies you absolutely don't have a deep understanding of all the things happening in the
project, which makes you poorly suited to speak on behalf of the project. I'm not trying to pass
judgement on whether you've contributed (you have! thanks for your contributions!), but only
suggesting that if you don't contribute regularly enough to have a good understanding of everything
going on, speaking on behalf of the project isn't appropriate.
I would appreciate it from you in the conduct of your
maintenance janitorial role to have more regard for the LDK users funds security rather than a "move
fast and break things" attitude.
While I know you feel like lightning at large isn't a protocol which takes security seriously, I
think you're pretty far off base here. Getting lightning right is *hard*, as you well know there are
many, many, many ways it can go wrong. And we, like every other lightning software project, take
that seriously, while also trying to ship features to make lightning broadly useful and usable (two
things that its historically not really been...because its hard for many reasons beyond just
security issues).
If you followed LDK (and other lightning) development more closely, I think you'd have a greater
appreciation for these things :).
As such, and with in mind all open-source ethical rules, I'll keep speaking on the behalf of the LDK
project when I see fit, whether you're pleased or not.
I'm really unsure what you mean here "open-source ethical rules" - is it your opinion that you
should speak for a project you don't really follow closely just because you think the people who do
work on it a lot aren't doing a good enough job in your opinion? That seems incredibly strange to me.
Matt
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
