[1/1] package/bitcoin: security bump to version 0.21.1

Tag as a security bump as having an up to date bitcoin is important:
https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com

https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/bitcoin/bitcoin.hash | 4 ++--
 package/bitcoin/bitcoin.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Tag as a security bump as having an up to date bitcoin is important:
 > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com

 > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.

Hello buildroot folks,

On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote:
> Tag as a security bump as having an up to date bitcoin is important:
> https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com
> 
> https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md

Instead of patching this thing, wouldn't it be better to remove
bitcoin support?  After all it's just a ponzi scheme with a humongous
bad environmental impact.  The electricity consumption is estimated
for around 180 TWh for 2021 alone, a lot sourced from dirty coal
power, with the potential risk of worsening power grid stability in
some places of the world.

I don't think it's ethically justifiable to support proof-of-work
stuff like this.

Greets
Alex

> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/bitcoin/bitcoin.hash | 4 ++--
>  package/bitcoin/bitcoin.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/bitcoin/bitcoin.hash b/package/bitcoin/bitcoin.hash
> index 3c65c3d730..6ea3398037 100644
> --- a/package/bitcoin/bitcoin.hash
> +++ b/package/bitcoin/bitcoin.hash
> @@ -1,5 +1,5 @@
> -# From https://bitcoincore.org/bin/bitcoin-core-0.21.0/SHA256SUMS.asc
> -sha256  1a91202c62ee49fb64d57a52b8d6d01cd392fffcbef257b573800f9289655f37  bitcoin-0.21.0.tar.gz
> +# From https://bitcoincore.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc
> +sha256  caff23449220cf45753f312cefede53a9eac64000bb300797916526236b6a1e0  bitcoin-0.21.1.tar.gz
>  
>  # Hash for license file
>  sha256  96fe807030b21f88305adc32af62f9aa19915f2783509fd6f52aea02cf83f644  COPYING
> diff --git a/package/bitcoin/bitcoin.mk b/package/bitcoin/bitcoin.mk
> index 5f1684879c..142521835c 100644
> --- a/package/bitcoin/bitcoin.mk
> +++ b/package/bitcoin/bitcoin.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -BITCOIN_VERSION = 0.21.0
> +BITCOIN_VERSION = 0.21.1
>  BITCOIN_SITE = https://bitcoincore.org/bin/bitcoin-core-$(BITCOIN_VERSION)
>  BITCOIN_AUTORECONF = YES
>  BITCOIN_LICENSE = MIT
> -- 
> 2.30.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

Dear Alex,

Le jeu. 13 mai 2021 à 19:34, Alexander Dahl <post@lespocky.de> a écrit :
>
> Hello buildroot folks,
>
> On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote:
> > Tag as a security bump as having an up to date bitcoin is important:
> > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com
> >
> > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md
>
> Instead of patching this thing, wouldn't it be better to remove
> bitcoin support?  After all it's just a ponzi scheme with a humongous
> bad environmental impact.  The electricity consumption is estimated
> for around 180 TWh for 2021 alone, a lot sourced from dirty coal
> power, with the potential risk of worsening power grid stability in
> some places of the world.
>
> I don't think it's ethically justifiable to support proof-of-work
> stuff like this.
I've nothing against dropping this package.
>
> Greets
> Alex
>
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > ---
> >  package/bitcoin/bitcoin.hash | 4 ++--
> >  package/bitcoin/bitcoin.mk   | 2 +-
> >  2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/package/bitcoin/bitcoin.hash b/package/bitcoin/bitcoin.hash
> > index 3c65c3d730..6ea3398037 100644
> > --- a/package/bitcoin/bitcoin.hash
> > +++ b/package/bitcoin/bitcoin.hash
> > @@ -1,5 +1,5 @@
> > -# From https://bitcoincore.org/bin/bitcoin-core-0.21.0/SHA256SUMS.asc
> > -sha256  1a91202c62ee49fb64d57a52b8d6d01cd392fffcbef257b573800f9289655f37  bitcoin-0.21.0.tar.gz
> > +# From https://bitcoincore.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc
> > +sha256  caff23449220cf45753f312cefede53a9eac64000bb300797916526236b6a1e0  bitcoin-0.21.1.tar.gz
> >
> >  # Hash for license file
> >  sha256  96fe807030b21f88305adc32af62f9aa19915f2783509fd6f52aea02cf83f644  COPYING
> > diff --git a/package/bitcoin/bitcoin.mk b/package/bitcoin/bitcoin.mk
> > index 5f1684879c..142521835c 100644
> > --- a/package/bitcoin/bitcoin.mk
> > +++ b/package/bitcoin/bitcoin.mk
> > @@ -4,7 +4,7 @@
> >  #
> >  ################################################################################
> >
> > -BITCOIN_VERSION = 0.21.0
> > +BITCOIN_VERSION = 0.21.1
> >  BITCOIN_SITE = https://bitcoincore.org/bin/bitcoin-core-$(BITCOIN_VERSION)
> >  BITCOIN_AUTORECONF = YES
> >  BITCOIN_LICENSE = MIT
> > --
> > 2.30.2
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot@busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
>
> --
> /"\ ASCII RIBBON | »With the first link, the chain is forged. The first
> \ / CAMPAIGN     | speech censured, the first thought forbidden, the
>  X  AGAINST      | first freedom denied, chains us all irrevocably.«
> / \ HTML MAIL    | (Jean-Luc Picard, quoting Judge Aaron Satie)
Best Regards,

Fabrice

Hi Alex, Fabrice, all

On Thursday, May 13th, 2021 at 6:39 PM, Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Dear Alex,
>
> Le jeu. 13 mai 2021 à 19:34, Alexander Dahl post@lespocky.de a écrit :
>
> > Hello buildroot folks,
> >
> > On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote:
> >
> > > Tag as a security bump as having an up to date bitcoin is important:
> > > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com
> > >
> > > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md
> >
> > Instead of patching this thing, wouldn't it be better to remove
> > bitcoin support? After all it's just a ponzi scheme with a humongous
> > bad environmental impact. The electricity consumption is estimated
> > for around 180 TWh for 2021 alone, a lot sourced from dirty coal
> > power, with the potential risk of worsening power grid stability in
> > some places of the world.
> >
> > I don't think it's ethically justifiable to support proof-of-work
> > stuff like this.
>
> I've nothing against dropping this package.

I understand that Bitcoin is a dividing topic. Everyone have the right
to their own opinions and can decide for themselves if they want use
(or not use) a certain package.

But I don't see a technical reason for why it should be removed.
The package is important to Bitcoin users of Buildroot.


Best regards,

D. Olsson
PGP: 8204A8CD

Hei hei,

On Thu, May 13, 2021 at 07:46:23PM +0000, D. Olsson via buildroot wrote:
> Hi Alex, Fabrice, all
> 
> On Thursday, May 13th, 2021 at 6:39 PM, Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> 
> > Dear Alex,
> >
> > Le jeu. 13 mai 2021 à 19:34, Alexander Dahl post@lespocky.de a écrit :
> >
> > > Hello buildroot folks,
> > >
> > > On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote:
> > >
> > > > Tag as a security bump as having an up to date bitcoin is important:
> > > > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com
> > > >
> > > > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md
> > >
> > > Instead of patching this thing, wouldn't it be better to remove
> > > bitcoin support? After all it's just a ponzi scheme with a humongous
> > > bad environmental impact. The electricity consumption is estimated
> > > for around 180 TWh for 2021 alone, a lot sourced from dirty coal
> > > power, with the potential risk of worsening power grid stability in
> > > some places of the world.
> > >
> > > I don't think it's ethically justifiable to support proof-of-work
> > > stuff like this.
> >
> > I've nothing against dropping this package.
> 
> I understand that Bitcoin is a dividing topic. Everyone have the right
> to their own opinions and can decide for themselves if they want use
> (or not use) a certain package.
> 
> But I don't see a technical reason for why it should be removed.
> The package is important to Bitcoin users of Buildroot.

No, it's not a technical question.  It's an ethical question, a
question about responsibility for future generations.  Does buildroot
want to support this software?  We as software developers are also
responsible for our actions, and if you want to run bitcoin, your
choice.  But I don't see an obligation for the buildroot project to
make that easier or support that.

Greets
Alex

Am Thu, 13 May 2021 19:46:23 +0000 schrieb D. Olsson via buildroot:

>> > I don't think it's ethically justifiable to support proof-of-work
>> > stuff like this.
>>
>> I've nothing against dropping this package.
> 
> I understand that Bitcoin is a dividing topic. Everyone have the right
> to their own opinions and can decide for themselves if they want use (or
> not use) a certain package.
> 
> But I don't see a technical reason for why it should be removed.
> The package is important to Bitcoin users of Buildroot.

Hi,

being aware that I will enter a shit-storm area I agree with you that 
buildroot should not suppress legally available packages for whatever 
reason.

Regards, Bernd

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Am Thu, 13 May 2021 19:46:23 +0000 schrieb D. Olsson via buildroot:
 >>> > I don't think it's ethically justifiable to support proof-of-work
 >>> > stuff like this.
 >>> 
 >>> I've nothing against dropping this package.
 >> 
 >> I understand that Bitcoin is a dividing topic. Everyone have the right
 >> to their own opinions and can decide for themselves if they want use (or
 >> not use) a certain package.
 >> 
 >> But I don't see a technical reason for why it should be removed.
 >> The package is important to Bitcoin users of Buildroot.

 > Hi,

 > being aware that I will enter a shit-storm area I agree with you that 
 > buildroot should not suppress legally available packages for whatever 
 > reason.

I agree. In this particular case I am more worried that the original
submitter (and the person listed in DEVELOPERS) has not done anything to
keep it uptodate since it was submitted 2.5 years ago.

Given how important security fixes are for this package and how we have
limited resources for security support, I would also prefer to remove
the package unless someone steps up to maintain it.

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Tag as a security bump as having an up to date bitcoin is important:
 > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com

 > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2021.02.x, thanks.