-
m-relay
<syntheticbird:monero.social> So
-
m-relay
<syntheticbird:monero.social>
hackerone.com/reports/2858802
-
m-relay
<syntheticbird:monero.social> someone mind explaining
-
m-relay
<syntheticbird:monero.social> because this fucker of padillac is too lazy to write up about it
-
m-relay
<ofrnxmr:xmr.mx> He's not too lazy
-
m-relay
<ofrnxmr:xmr.mx> we put out the release and havent heard back from some mining pools yet
-
m-relay
<spirobel:kernal.eu> maybe read the diff
-
m-relay
<syntheticbird:monero.social> you mean he partially revealed it the time people update?
-
m-relay
<ofrnxmr:xmr.mx> He exposed it on twitter months ago, then went to h1. He wanted to disclose at the time of release, but we waited a week to publicly speak on the issue
-
m-relay
<syntheticbird:monero.social> i don't think thats how it works
-
m-relay
<syntheticbird:monero.social> i know, but once you reveal partially you can't go back and reveal it entirely
-
m-relay
<syntheticbird:monero.social> he said on twitter is just lazy to write up about it
-
m-relay
<ofrnxmr:xmr.mx> Finds issue -> tells twitter he found issue -> goes to h1 -> gag order -> release is put out -> pools notified -> gave pools 1 week to update before we publicly announce anything -> 1 week goes by -> release notes updated -> request to disclose (today)
-
m-relay
<syntheticbird:monero.social> and?
-
m-relay
<syntheticbird:monero.social> im just saying it would have been nice to reveal it entirely, or at least have someone explain what the vuln was. I don't get why you are giving me the history of how he disclosed it, i was there when he sperged on twitter about it
-
m-relay
<ofrnxmr:xmr.mx> And that was a couple hrs ago?
-
m-relay
<ofrnxmr:xmr.mx> If its disclosed b4 pools update, we'll lost a majority of our hashrate
-
m-relay
<ofrnxmr:xmr.mx> it will be revealed entirely
-
m-relay
-
m-relay
<syntheticbird:monero.social> so what, he is just lying about laziness and waiting a few week before writing about it?
-
m-relay
<spirobel:kernal.eu>
bitcoin/bitcoin #27586
-
m-relay
<syntheticbird:monero.social> (ofrn reacted with a thumbs up irc) ok well i pretty hope he do because vuln fix like that would be interesting to know in details, for you know... other node implementations out there, not giving any name
-
m-relay
<ofrnxmr:xmr.mx> we need to (be like zephyr and), attack zephyr, salvium, maybe even zano
-
m-relay
<ofrnxmr:xmr.mx> (zephyr knew about the money print bug and didnt tell haven)
-
m-relay
<syntheticbird:monero.social> you and I aren't on the same wavelength tonight aren't we.
-
m-relay
<syntheticbird:monero.social> but that's valid lol
-
m-relay
<spirobel:kernal.eu> probably a cpp issue. rust saved the day again.