[MacPorts] #43297: bitcoin - adopt mainstream binaries

MacPorts noreply at macports.org
Thu Apr 10 00:55:20 PDT 2014 

#43297: bitcoin - adopt mainstream binaries
--------------------------------+------------------------
  Reporter:  and.damore@…       |      Owner:  easieste@…
      Type:  enhancement        |     Status:  new
  Priority:  Normal             |  Milestone:
 Component:  ports              |    Version:  2.2.1
Resolution:                     |   Keywords:
      Port:  bitcoin, bitcoind  |
--------------------------------+------------------------

Comment (by and.damore@…):

 Replying to [comment:1 easieste@…]:
 > For my use of BTC (and open source software under OS X in general), I
 want to compile from the source for which I can verify PGP signatures.

 This despite the Bitcoin core request? This is a case where the
 functionality of the network as a whole is affected by subtle
 differencies.

 > I use MacPorts specifically so I can share the work of maintaining build
 infrastructure with other developers.

 The drawback of doing this is that in the case of the heartbleed bug the
 0.9.1 upgrade would have been useless if the openssl port hadn't been
 upgraded to 1.0.1g already. Even worse this could have given a false sense
 of security.

 > You will need to audit the chain of trust for verifying the official
 Bitcoin binaries.

 I don't like fetching the binary myself but this is a case where this kind
 of request could actually make sense, and it comes from upstream core
 developers team.

 Also the trust chain wouldn't be very different, the code is still
 available and you'd be fetching a signed binary from one of the authors.
 That's the actual trust part you're giving and it's not any worse than
 building a source tree without reading it but relying on it's openness as
 a guarantee of trust.

 Another scenario could be a (bitcoin-mp, bitcoin) pair of ports or maybe
 just a +macports variant providing the required flexibility to users
 willing to build or to patch their client package. This would compromise
 both requirements.

-- 
Ticket URL: <https://trac.macports.org/ticket/43297#comment:2>
MacPorts <http://www.macports.org/>
Ports system for OS X

More information about the macports-tickets mailing list