As the poor printer was obviously incapable to examine the contents of bitcoin-0.x.x/src and determine what material to keep himself, the task fell back upon the sponsor, Stanislav Datskovskiy alias asciilifeform. It quickly flipped some of his bits and his sheer rage started moving hills. It readily connected to pervasive undercurrent of disdain, nurtured by many in our circle (or, rather, web), for activity of the Power Rangers and the so called "Bitcoin Foundation". Despite being drowned in graceful donations and membership fees, they just keep piling new and new code without proper specification and proper testing, making mistakes or even forks inevitable and thus providing cover for abominable interests.

From this discussion arose two proposals a proper Bitcoin Foundation and a proper development process (patch management).

The Bitcoin Foundation

Its main aim will be to maintain "lightweight, coherent and cruft-free" bitcoin implementation. Stan already posted several patches to #bitcoin-assets, such as excision of Qt and windows support, together with other people. The development thus started from Satoshi v 0.5.3 and new functions from "Bitcoin Core" will be introduced using process described below. I have provided hosting at therealbitcoin.org and was nominated for treasurer to manage donations.

Patch management

The development process is to be firmly rooted in the web of trust, based on level 2 trust by assbot, as customary for speakers on #bitcoin-assets. This means, patches are to be submitted by members in good standing (authorship proven by PGP signature) and published. Upon review, the patch will be signed by other members of the WoT. This list of patches together with list of PGP signatures will be published to keep the process completely transparent and verifiable.

Release management did not take concrete shape yet. Idea is that again, member of good standing makes a merge patch, which is reviewed/signed by the WoT members as above and if deemed passable, published as release (and baseline for future patches).

Mailing list

IRC channel is not very adequate for this task, with pastebins + bot chatter and unstructured archives, so I made a btc-dev mailing list for discussion and submission of patches. Current status is that only WoT members (in level2 trust of assbot) can post, and the message text must be PGP clearsigned. Current status is, they can post even if they aren't registered as list recipients.

Plan

The plan is to extract the patches submitted to the mailing list and publish them extra, with all their signatures for easy overview. The patches must come as two attachments - one named "x.patch" which contains only the patch text, and other one named "x.patch.sig" which contains detached GPG signature. Mailman will take these, rename them by prepending unique ID (a hash of the file) and publish. If other members want to sign the patch, they will send email with only the detached signature named "DEADBEEF_x.sig". This will then be extracted and added to list of signatures for the patch.

Open questions and problems

GPG clearsigned text mutilation

Immediately after launch there was a problem with sender's message text being automatically word-wrapped and then failing to pass the signature verification. This should not apply to attachments. Possible solutions - they must be made by sender:

  • check if your email client wraps lines or does other untoward modifications to the text (CR/LF newline conversions are fine). Diff the message with your outbox with original if it is not accepted. Recommended process is to pipe the signed message text directly to mailx or similar client without ambitions.
  • or: leave the text empty and send the signed message as first attachment. To be displayed in the archives and not scrubbed, name it "something.txt" (it needs to have text/plain mimetype). This is not yet fully supported for multiply nested MIME structures, we'll see how usual they are.
  • or: Use S/MIME (let your email client sign whole message).

Sender address

Currently anyone can take any published clearsigned text from WoT members and use it to spam the mailing list. I have not yet decided on solution, possible ones:

  • force everyone to register (only weak protection)
  • check if same text is posted twice
  • posters must put some indication the message is intended for btc-dev into signed text, otherwise message is discarded
  • signature must not be older than xxx (least invasive..but, the date is only informative)

This system got a pet name "turdatron" and official domain "therealbitcoin.org".