Bitcoin and Ubuntu

[Scott Howard]

message got bounced from ubuntu-release, resending with my @ubuntu address

On Thu, Dec 12, 2013 at 5:00 PM, Micha Bailey <michabailey at gmail.com> wrote:
> Apologies for the cross-post, but I wasn't sure which mailing list would be
> most appropriate.
> Also, please note that I am writing this as myself, not as a representative
> of the Bitcoin project or development community.

As one of the Debian maintainers for the package, I agree that the
network protocol is in such a flux that it is not suitable for stable
release yet. Old versions not only hurt users, but pose a threat to
the network as a whole. PPAs are more appropriate, at least for the
time being. Debian has an RC bug preventing migration to testing for
this and other reasons [1]. Perhaps blacklisting bitcoin import from
Debian, and removing it from the Ubuntu repositories, is reasonable.

This is difficult, because many users rely on the package - and
removing it from the repositories will leave them vulnerable. However,
keeping the package in the repositories potentially makes more users
vulnerable.

Another alternative would be to have a MOTU/dev that is interested
perform day-of-release backports, and encourage users to enable
backports. However, this could create a situation where the stable
release contains a harmful version, and only the backport version
would be safe to use. This is probably unacceptable to both Ubuntu and
Bitcoin.

Also, the bitcoin package is only really necessary to run a full node.
Users that want to run a wallet can use electrum (in ubuntu and
debian) or multibit (not in Debian yet, but someone is working on it).

At some point bitcoin should be stable enough that full node software
can be included in Ubuntu and Debian releases, but for now it is
probably best to use the PPA.

Regards,
Scott
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272

On Thu, Dec 12, 2013 at 5:14 PM, Scott Howard <showard314 at gmail.com> wrote:
> On Thu, Dec 12, 2013 at 5:00 PM, Micha Bailey <michabailey at gmail.com> wrote:
>> Apologies for the cross-post, but I wasn't sure which mailing list would be
>> most appropriate.
>> Also, please note that I am writing this as myself, not as a representative
>> of the Bitcoin project or development community.
>
> As one of the Debian maintainers for the package, I agree that the
> network protocol is in such a flux that it is not suitable for stable
> release yet. Old versions not only hurt users, but pose a threat to
> the network as a whole. PPAs are more appropriate, at least for the
> time being. Debian has an RC bug preventing migration to testing for
> this and other reasons [1]. Perhaps blacklisting bitcoin import from
> Debian, and removing it from the Ubuntu repositories, is reasonable.
>
> This is difficult, because many users rely on the package - and
> removing it from the repositories will leave them vulnerable. However,
> keeping the package in the repositories potentially makes more users
> vulnerable.
>
> Another alternative would be to have a MOTU/dev that is interested
> perform day-of-release backports, and encourage users to enable
> backports. However, this could create a situation where the stable
> release contains a harmful version, and only the backport version
> would be safe to use. This is probably unacceptable to both Ubuntu and
> Bitcoin.
>
> Also, the bitcoin package is only really necessary to run a full node.
> Users that want to run a wallet can use electrum (in ubuntu and
> debian) or multibit (not in Debian yet, but someone is working on it).
>
> At some point bitcoin should be stable enough that full node software
> can be included in Ubuntu and Debian releases, but for now it is
> probably best to use the PPA.
>
> Regards,
> Scott
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272