We are a small team and all such RFC’s are welcome for sure. I agree with the premise of backwards compatibility problems leading to vulnerabilities.
Alpha → Beta there has to be a security review and this is where many patches and similar options will be included and documented properly. There are answers and we have simulations nd scripts to simulate many attacks. We also have answers for all the attacks we are aware of, but almost no time to fully and publically document them all yet. There is an attacks section in the documentation (which is again being updated).
Docs are a real issue as we are iterating fast through tests. Code docs are OK as they are auto generated on PR’s etc. but overall docs are in transition once again.
Not putting this off by any means, it is important, but resources are too stretched right now, we will resource the security audits properly during the audits. All help appreciated though.
I believe you’re referring to my conversation with @janitor:
If you route through random relay nodes that are owned by LE to connect to NAE Managers owned by LE and request a chunk tagged by LE from a Vault that is run by LE, it follows that you are participating in a network that is completely operated by LE.
I don’t think this is a good idea any more than requiring encryption via the ffi layer or any other IPC layer. It really isn’t protecting much on the local system because if you can see the traffic you also have the ability to replace or hot patch the launcher process.
Edit: just saw Krishna’s reply and I agree with all of it. I saw your reply and agree as well, remoting should be outside the core product.
I tried to compile the async branch of safe_vault and it fails, and I conclude that we won’t see testnet 4 until some time after the next weekly dev update.
Would be nice for us believers to buy additional MAID at a great price
High-tech engines take time to build. Once working properly everyone realises they need them. Not so much prior that.
I wasn’t encouraging speculator trolls, just neutrally reporting facts. Only a total idiot would sell because the testnet were delayed. Dear trolls: please engage in pastimes that would make the world better place, such as playing soccer on the freeway… while drunk…
EDIT: I was asked to “tone this down” because a troll complained.
I didn’t actually expect it to compile, because if it were compiling then they would surely have merged it with the master branch. But the fact that it doesn’t, means we have to wait until it is debugged.
Unless … There was a much bigger change in other branches of several repo’s that also meant we had to get off ccrates.io and use github repo’s till we get some upstream parts merged
.