Message ID | 20210512212120.647405-1-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/bitcoin: security bump to version 0.21.1 | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Tag as a security bump as having an up to date bitcoin is important: > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks.
Hello buildroot folks, On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote: > Tag as a security bump as having an up to date bitcoin is important: > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com > > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md Instead of patching this thing, wouldn't it be better to remove bitcoin support? After all it's just a ponzi scheme with a humongous bad environmental impact. The electricity consumption is estimated for around 180 TWh for 2021 alone, a lot sourced from dirty coal power, with the potential risk of worsening power grid stability in some places of the world. I don't think it's ethically justifiable to support proof-of-work stuff like this. Greets Alex > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > --- > package/bitcoin/bitcoin.hash | 4 ++-- > package/bitcoin/bitcoin.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/package/bitcoin/bitcoin.hash b/package/bitcoin/bitcoin.hash > index 3c65c3d730..6ea3398037 100644 > --- a/package/bitcoin/bitcoin.hash > +++ b/package/bitcoin/bitcoin.hash > @@ -1,5 +1,5 @@ > -# From https://bitcoincore.org/bin/bitcoin-core-0.21.0/SHA256SUMS.asc > -sha256 1a91202c62ee49fb64d57a52b8d6d01cd392fffcbef257b573800f9289655f37 bitcoin-0.21.0.tar.gz > +# From https://bitcoincore.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc > +sha256 caff23449220cf45753f312cefede53a9eac64000bb300797916526236b6a1e0 bitcoin-0.21.1.tar.gz > > # Hash for license file > sha256 96fe807030b21f88305adc32af62f9aa19915f2783509fd6f52aea02cf83f644 COPYING > diff --git a/package/bitcoin/bitcoin.mk b/package/bitcoin/bitcoin.mk > index 5f1684879c..142521835c 100644 > --- a/package/bitcoin/bitcoin.mk > +++ b/package/bitcoin/bitcoin.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -BITCOIN_VERSION = 0.21.0 > +BITCOIN_VERSION = 0.21.1 > BITCOIN_SITE = https://bitcoincore.org/bin/bitcoin-core-$(BITCOIN_VERSION) > BITCOIN_AUTORECONF = YES > BITCOIN_LICENSE = MIT > -- > 2.30.2 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
Dear Alex, Le jeu. 13 mai 2021 à 19:34, Alexander Dahl <post@lespocky.de> a écrit : > > Hello buildroot folks, > > On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote: > > Tag as a security bump as having an up to date bitcoin is important: > > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com > > > > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md > > Instead of patching this thing, wouldn't it be better to remove > bitcoin support? After all it's just a ponzi scheme with a humongous > bad environmental impact. The electricity consumption is estimated > for around 180 TWh for 2021 alone, a lot sourced from dirty coal > power, with the potential risk of worsening power grid stability in > some places of the world. > > I don't think it's ethically justifiable to support proof-of-work > stuff like this. I've nothing against dropping this package. > > Greets > Alex > > > > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > > --- > > package/bitcoin/bitcoin.hash | 4 ++-- > > package/bitcoin/bitcoin.mk | 2 +- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/package/bitcoin/bitcoin.hash b/package/bitcoin/bitcoin.hash > > index 3c65c3d730..6ea3398037 100644 > > --- a/package/bitcoin/bitcoin.hash > > +++ b/package/bitcoin/bitcoin.hash > > @@ -1,5 +1,5 @@ > > -# From https://bitcoincore.org/bin/bitcoin-core-0.21.0/SHA256SUMS.asc > > -sha256 1a91202c62ee49fb64d57a52b8d6d01cd392fffcbef257b573800f9289655f37 bitcoin-0.21.0.tar.gz > > +# From https://bitcoincore.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc > > +sha256 caff23449220cf45753f312cefede53a9eac64000bb300797916526236b6a1e0 bitcoin-0.21.1.tar.gz > > > > # Hash for license file > > sha256 96fe807030b21f88305adc32af62f9aa19915f2783509fd6f52aea02cf83f644 COPYING > > diff --git a/package/bitcoin/bitcoin.mk b/package/bitcoin/bitcoin.mk > > index 5f1684879c..142521835c 100644 > > --- a/package/bitcoin/bitcoin.mk > > +++ b/package/bitcoin/bitcoin.mk > > @@ -4,7 +4,7 @@ > > # > > ################################################################################ > > > > -BITCOIN_VERSION = 0.21.0 > > +BITCOIN_VERSION = 0.21.1 > > BITCOIN_SITE = https://bitcoincore.org/bin/bitcoin-core-$(BITCOIN_VERSION) > > BITCOIN_AUTORECONF = YES > > BITCOIN_LICENSE = MIT > > -- > > 2.30.2 > > > > _______________________________________________ > > buildroot mailing list > > buildroot@busybox.net > > http://lists.busybox.net/mailman/listinfo/buildroot > > -- > /"\ ASCII RIBBON | »With the first link, the chain is forged. The first > \ / CAMPAIGN | speech censured, the first thought forbidden, the > X AGAINST | first freedom denied, chains us all irrevocably.« > / \ HTML MAIL | (Jean-Luc Picard, quoting Judge Aaron Satie) Best Regards, Fabrice
Hi Alex, Fabrice, all On Thursday, May 13th, 2021 at 6:39 PM, Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote: > Dear Alex, > > Le jeu. 13 mai 2021 à 19:34, Alexander Dahl post@lespocky.de a écrit : > > > Hello buildroot folks, > > > > On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote: > > > > > Tag as a security bump as having an up to date bitcoin is important: > > > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com > > > > > > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md > > > > Instead of patching this thing, wouldn't it be better to remove > > bitcoin support? After all it's just a ponzi scheme with a humongous > > bad environmental impact. The electricity consumption is estimated > > for around 180 TWh for 2021 alone, a lot sourced from dirty coal > > power, with the potential risk of worsening power grid stability in > > some places of the world. > > > > I don't think it's ethically justifiable to support proof-of-work > > stuff like this. > > I've nothing against dropping this package. I understand that Bitcoin is a dividing topic. Everyone have the right to their own opinions and can decide for themselves if they want use (or not use) a certain package. But I don't see a technical reason for why it should be removed. The package is important to Bitcoin users of Buildroot. Best regards, D. Olsson PGP: 8204A8CD
Hei hei, On Thu, May 13, 2021 at 07:46:23PM +0000, D. Olsson via buildroot wrote: > Hi Alex, Fabrice, all > > On Thursday, May 13th, 2021 at 6:39 PM, Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote: > > > Dear Alex, > > > > Le jeu. 13 mai 2021 à 19:34, Alexander Dahl post@lespocky.de a écrit : > > > > > Hello buildroot folks, > > > > > > On Wed, May 12, 2021 at 11:21:20PM +0200, Fabrice Fontaine wrote: > > > > > > > Tag as a security bump as having an up to date bitcoin is important: > > > > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com > > > > > > > > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md > > > > > > Instead of patching this thing, wouldn't it be better to remove > > > bitcoin support? After all it's just a ponzi scheme with a humongous > > > bad environmental impact. The electricity consumption is estimated > > > for around 180 TWh for 2021 alone, a lot sourced from dirty coal > > > power, with the potential risk of worsening power grid stability in > > > some places of the world. > > > > > > I don't think it's ethically justifiable to support proof-of-work > > > stuff like this. > > > > I've nothing against dropping this package. > > I understand that Bitcoin is a dividing topic. Everyone have the right > to their own opinions and can decide for themselves if they want use > (or not use) a certain package. > > But I don't see a technical reason for why it should be removed. > The package is important to Bitcoin users of Buildroot. No, it's not a technical question. It's an ethical question, a question about responsibility for future generations. Does buildroot want to support this software? We as software developers are also responsible for our actions, and if you want to run bitcoin, your choice. But I don't see an obligation for the buildroot project to make that easier or support that. Greets Alex
Am Thu, 13 May 2021 19:46:23 +0000 schrieb D. Olsson via buildroot: >> > I don't think it's ethically justifiable to support proof-of-work >> > stuff like this. >> >> I've nothing against dropping this package. > > I understand that Bitcoin is a dividing topic. Everyone have the right > to their own opinions and can decide for themselves if they want use (or > not use) a certain package. > > But I don't see a technical reason for why it should be removed. > The package is important to Bitcoin users of Buildroot. Hi, being aware that I will enter a shit-storm area I agree with you that buildroot should not suppress legally available packages for whatever reason. Regards, Bernd
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes: > Am Thu, 13 May 2021 19:46:23 +0000 schrieb D. Olsson via buildroot: >>> > I don't think it's ethically justifiable to support proof-of-work >>> > stuff like this. >>> >>> I've nothing against dropping this package. >> >> I understand that Bitcoin is a dividing topic. Everyone have the right >> to their own opinions and can decide for themselves if they want use (or >> not use) a certain package. >> >> But I don't see a technical reason for why it should be removed. >> The package is important to Bitcoin users of Buildroot. > Hi, > being aware that I will enter a shit-storm area I agree with you that > buildroot should not suppress legally available packages for whatever > reason. I agree. In this particular case I am more worried that the original submitter (and the person listed in DEVELOPERS) has not done anything to keep it uptodate since it was submitted 2.5 years ago. Given how important security fixes are for this package and how we have limited resources for security support, I would also prefer to remove the package unless someone steps up to maintain it.
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Tag as a security bump as having an up to date bitcoin is important: > https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com > https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2021.02.x, thanks.
diff --git a/package/bitcoin/bitcoin.hash b/package/bitcoin/bitcoin.hash index 3c65c3d730..6ea3398037 100644 --- a/package/bitcoin/bitcoin.hash +++ b/package/bitcoin/bitcoin.hash @@ -1,5 +1,5 @@ -# From https://bitcoincore.org/bin/bitcoin-core-0.21.0/SHA256SUMS.asc -sha256 1a91202c62ee49fb64d57a52b8d6d01cd392fffcbef257b573800f9289655f37 bitcoin-0.21.0.tar.gz +# From https://bitcoincore.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc +sha256 caff23449220cf45753f312cefede53a9eac64000bb300797916526236b6a1e0 bitcoin-0.21.1.tar.gz # Hash for license file sha256 96fe807030b21f88305adc32af62f9aa19915f2783509fd6f52aea02cf83f644 COPYING diff --git a/package/bitcoin/bitcoin.mk b/package/bitcoin/bitcoin.mk index 5f1684879c..142521835c 100644 --- a/package/bitcoin/bitcoin.mk +++ b/package/bitcoin/bitcoin.mk @@ -4,7 +4,7 @@ # ################################################################################ -BITCOIN_VERSION = 0.21.0 +BITCOIN_VERSION = 0.21.1 BITCOIN_SITE = https://bitcoincore.org/bin/bitcoin-core-$(BITCOIN_VERSION) BITCOIN_AUTORECONF = YES BITCOIN_LICENSE = MIT
Tag as a security bump as having an up to date bitcoin is important: https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/bitcoin/bitcoin.hash | 4 ++-- package/bitcoin/bitcoin.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)