The Bitcoin unlimited developers have created another controversial debate. By releasing the new client binaries from a private development repository, there was no way for anyone to verify if this update is legitimate. A closed source patch is never a good idea, especially when it is distributed”by accident” rather than through official channels.
Closed Source Patching Is Never A Good Idea
Bitcoin was designed to be an open-source protocol. That also means all developmental progress should be publicly verifiable. For some reason, the Bitcoin Unlimited developers decided to take a closed source approach toward releasing the recent client binaries. What makes this ordeal even more troublesome is how the binaries were “leaked’ by accident, which raised even more questions.
To put this latter feat into perspective, the new Bitcoin Unlimited binaries were published through the Launchpad platform. It is highly unusual to do so, and Peter Todd pointed that out on Twitter. While a different distribution platform is not the biggest problem, using Launchpad to release a closed source non-cryptographically-signed binary is not the right way to do things. For all people know, this binary could have been a malicious client update.
Unlimited responds to the latest DoS exploit by releasing a closed source, non-cryptographically-signed binary:
— Peter Todd (@petertoddbtc) March 22, 2017
It did not take long for bitcoin community members to react to this development. A lot of different discussion threads can be found on Reddit regarding this issue. Moreover, social media users did not take kindly to this development either, as there has been a fair amount of public outcry so far. One Twitter user even went as far as stating how “it almost appears as if Bitcoin Unlimited developers have no clue”. A very strong sentiment, albeit one that is certainly understandable.
This particular binary update fixes another bug that could affect Bitcoin unlimited nodes. The previous bug was addressed less than a week ago, yet someone manages to take advantage of this exploit before it was fully patched. As a result, a few hundred BU nodes were taken offline by an unknown assailant. Once the update was released and all clients were updated, the number of BU nodes recovered rather quickly.
However, the latest binary update allegedly forced the BU developers to take a slightly different route. They did not want the secondary exploit to be made publicly available, which is why they used a private repository to issue a fix. Once all of the critical nodes were updated, they went ahead to merge the binaries into the regular BU branch of development. A plausible explanation, assuming it is true, yet things could have been handled very differently.
Releasing a patch in a closed-source fashion is never the right way to address lingering problems, though. Development taking place behind closed doors could have all kinds of repercussions without anyone being aware of it. Some bitcoin community members feel this way of handling Bitcoin Unlimited development is “insulting”, as it gives bitcoin itself a bad name. It will be interesting to see if the BU developers will stick to this approach for future patch releases, or whether they learned a valuable lesson from this “mistake”.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.