#bitcoin-core-dev log

19:00:08 <wumpus> #startmeeting
19:00:08 <lightningbot> Meeting started Thu Mar 26 19:00:08 2020 UTC.  The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:08 <lightningbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:10 <jnewbery> hi
19:00:17 <emilengler> hi
19:00:18 <sipsorcery> hi
19:00:19 <promag> hi
19:00:20 <achow101> hi
19:00:20 <kanzure> hi
19:00:23 <hebasto> hi
19:00:31 <wumpus> #bitcoin-core-dev Meeting: wumpus sipa gmaxwell jonasschnelli morcos luke-jr sdaftuar jtimon cfields petertodd kanzure bluematt instagibbs phantomcircuit codeshark michagogo marcofalke paveljanik NicolasDorier jl2012 achow101 meshcollider jnewbery maaku fanquake promag provoostenator aj Chris_Stewart_5 dongcarl gwillen jamesob ken281221 ryanofsky gleb moneyball kvaciral ariard digi_james amiti fjahr
19:00:33 <wumpus> jeremyrubin lightlike emilengler jonatack hebasto jb55
19:00:34 <luke-jr> ih
19:00:41 <jonasschnelli> hi
19:00:45 <fjahr> hi
19:00:50 <luke-jr> wumpus: 3-15 says " (bug fixes only until release)"
19:01:05 <amiti> hi
19:01:05 <instagibbs> luke-jr, sorry link?
19:01:10 <luke-jr> https://github.com/bitcoin/bitcoin/issues/17432
19:01:25 <wumpus> I'm okay with merging that one before 0.20.0 anyhow
19:01:38 * luke-jr shrugs
19:02:24 <wumpus> one suggested meeting topic for today: macOS notarization decision (jonasschnelli)
19:02:30 <promag> #18160 too? X)
19:02:33 <gribble> https://github.com/bitcoin/bitcoin/issues/18160 | gui: Avoid Wallet::GetBalance in WalletModel::pollBalanceChanged by promag · Pull Request #18160 · bitcoin/bitcoin · GitHub
19:03:01 <wumpus> #topic High priority for review
19:03:07 <jonatack> hi
19:03:41 <jeremyrubin> hi
19:03:59 <wumpus> promag: added 0.20 milestone
19:04:35 <wumpus> https://github.com/bitcoin/bitcoin/projects/8   8 blockers, 2 bugfixes, 6 chasing concept ACK
19:05:23 <wumpus> alternatively, everything on the 0.20.0 milestone: https://github.com/bitcoin/bitcoin/milestones/0.20.0  (includes issues and PRs)
19:05:57 <fjahr> maybe #18000 for chasing concept ACK? :)
19:05:59 <promag> wumpus: ty, if Luke is ok with it ofc
19:05:59 <gribble> https://github.com/bitcoin/bitcoin/issues/18000 | Index for UTXO Set Statistics by fjahr · Pull Request #18000 · bitcoin/bitcoin · GitHub
19:06:57 <luke-jr> promag: ?
19:07:05 <wumpus> fjahr: added
19:07:12 <fjahr> wumpus: ty
19:08:17 <promag> luke-jr: because of bugfix only policy
19:08:46 <wumpus> I think #17428 is too much  of a feature to still go in 0.20
19:08:49 <gribble> https://github.com/bitcoin/bitcoin/issues/17428 | p2p: Try to preserve outbound block-relay-only connections during restart by hebasto · Pull Request #17428 · bitcoin/bitcoin · GitHub
19:09:12 <luke-jr> promag: IMO it matters a lot less before rc1
19:09:21 <wumpus> but people may disagree on that
19:10:11 <wumpus> anyone with an opinion whether preserve outbound should be in 0.20?
19:11:15 <luke-jr> I haven't looked at it since it had that security issue; will look again after meeting
19:11:28 <jonasschnelli> feature; missed the deadline. No need to rush it into 0.20?
19:11:33 <wumpus> ok if not, I'm moving it to the 0.21
19:11:39 <hebasto> agree
19:12:54 <instagibbs> it's already in 0.19 so it's not a regression of any sort at least(IIRC)
19:13:28 <wumpus> right, it would have been nice to have, but agree it's not a good idea to rush it in
19:13:48 <wumpus> it could be considered for backporting to 0.20.1 when it lands I guess
19:14:46 <wumpus> #topic macOS notarization (jonasschnelli)
19:14:54 <jonasschnelli> #18187
19:14:57 <gribble> https://github.com/bitcoin/bitcoin/issues/18187 | Add macOS notarization (including stapling) by jonasschnelli · Pull Request #18187 · bitcoin/bitcoin · GitHub
19:15:23 <jonasschnelli> The problem is, when we do notarize the macOS versions, it creates a tcp check connection with apples servers
19:15:30 <jonasschnelli> Which is kinda a no-go IMO
19:15:57 <jonasschnelli> So the question is, do we want to help newby users by not needing to right-click-open the app, but reduce pricavy, ... or focus on higher provacy
19:16:25 <jonasschnelli> I personally think preserving privacy has the higher focus right now
19:16:40 <jonasschnelli> See this comment: https://github.com/bitcoin/bitcoin/pull/18187#issuecomment-592453829
19:16:42 <wumpus> so it won't do the TCP check for notarization if it's not notarized?
19:16:54 <jonasschnelli> Yes. It won't
19:17:18 <jonasschnelli> (though you either have to right-click open the app or disable the security feature)
19:17:26 <wumpus> I think I'd slightly prefer to err on the side of privacy then
19:18:07 <jonasschnelli> I think it make sense to "deposit" the possibility to notarize until apple enforces it or users really demand it
19:18:17 <achow101> I thought the notarization could be stapled which would prevent the phone home
19:18:18 <luke-jr> I agree with wumpus
19:18:29 <jonasschnelli> achow101: it still does
19:18:33 <jonasschnelli> I tested it
19:18:33 <luke-jr> achow101: apparently it still checks for revocations
19:18:39 <achow101> that's a shame
19:19:09 <jonasschnelli> achow101: With stapling, you can use it offline... but if you online, it still checks the validity
19:19:24 <luke-jr> which isn't entirely unreasonable, but IMO should go over Tor if forced; but good luck convincing Apple
19:19:47 <hebasto> could we maintain both versions?
19:20:00 <luke-jr> hmm
19:20:03 <cfields> Checking for revocations implies that it could be revoked by someone other than us. IMO that's reason enough.
19:20:05 <jonasschnelli> We could... as long as the hashes are different...
19:20:13 <jonasschnelli> but probably not worth it and will lead to more confusion
19:20:20 <luke-jr> is there a benefit to having the signed-but-not-notarised variant at all?
19:20:22 <wumpus> maintaining two versions sounds overkill to me
19:20:31 <wumpus> it's not worth it for such a small thing
19:20:38 <luke-jr> ie, can we just do unsigned and signed+notarised?
19:20:40 <jonasschnelli> the "right-click-open" approach could be better communicated (release notes, or even in the DMG)
19:20:43 <luke-jr> wumpus: we already have two versions really
19:21:00 <luke-jr> jonasschnelli: it was in at least one rel notes, maybe restore that
19:21:23 <wumpus> in general having mulitple choices for download confuses users
19:21:30 <jonasschnelli> Best would be a note in the dmg.. but yeah. meh.
19:21:36 <luke-jr> website could say right click thing too
19:21:41 <wumpus> agreed
19:21:54 <wumpus> mentioning it makes sense
19:21:59 <luke-jr> ooh, how about having hte DMG background image say it?
19:22:07 <jonasschnelli> yes. That.
19:22:23 <luke-jr> if they right-click open in the DMG, does that fix single-click later after they copy?
19:22:33 <jonasschnelli> Copy to /Application, 1. time start with "right click open"... (something like that in the .tiff)
19:22:47 <jonasschnelli> luke-jr: very unlikely
19:23:08 <luke-jr> jonasschnelli: does the signature do anything for us anymore?
19:23:25 <cfields> don't you have to have the dmg already open to see the background? Implying that you've already right-clicked?
19:23:38 <jonasschnelli> heh.. yeah. and that.
19:23:40 <luke-jr> do they rightclick the DMG, or rightclick the app?
19:23:59 <jonasschnelli> luke-jr: what do you mean with "signature do anything?"?
19:24:22 <luke-jr> jonasschnelli: the point of the signature was to avoid a right-click, wasn't it?
19:24:28 <luke-jr> if we need to right-click anyway, why sign?
19:24:40 <cfields> luke-jr: I'm now wondering the same.
19:24:40 <luke-jr> (Apple signature, I mean, obviously we still do a real gitian sig)
19:25:10 <cfields> Does the right-click trick still work for completely unsigned apps?
19:25:15 <jonasschnelli> Well... the apples idea is _not_ that signatures avoid right click. But yeah. With enforce notarization (10.14) we are back at the same problem.
19:25:24 <wumpus> I'm not sure, they might start enforcing signing before enforcing notarization
19:25:25 <jonasschnelli> cfields: good questions.
19:25:59 <cfields> We should assume they'll eventually enforce everything they introduce.
19:26:07 <jonasschnelli> All that stuff would be acceptable. If there would not be a mandatory call-apple connection that reveale the application-hash to apple.
19:26:17 <luke-jr> cfields: AFAIK they still don't enforce signing strictly
19:26:22 <wumpus> why *would* we stop signing? we already hve the flow for that anyhow
19:26:42 <luke-jr> wumpus: it's an extra step; and it means we could stay with just 2 variants AND notarise
19:26:43 <wumpus> I don't see any pressing reason to change that
19:26:48 <jonasschnelli> indeed
19:27:12 <jonasschnelli> Lets just see how Apple continues with notarization and have the stuff ready for a sitaution where we need it.
19:27:27 <jonasschnelli> Maybe add a right-click info to the dmg/background
19:27:34 <luke-jr> also, by stopping signing, maybe it will make it politically harder for Apple to enforce the notary? *shrug*
19:27:37 <wumpus> yes, let's be prepared for when it is stricty enforced, that's likely to happen a tsome point
19:27:55 <luke-jr> could be argued either way I suppose
19:28:18 <luke-jr> but if there's no benefit to the signing, it's trivial to just not do it
19:28:53 <wumpus> I'd prefer to not change it last minute for 0.20 at least, could reconsider for 0.21 if it makes sense, but dunno
19:29:00 <jonasschnelli> Signing has benefits,... at almost no costs. Lets keep it.
19:29:07 <luke-jr> jonasschnelli: what benefit?
19:29:20 <wumpus> jonasschnelli: agreed
19:29:22 <wumpus> any other topics?
19:29:38 <jonasschnelli> luke-jr: users not verifiny gitian signaturs have a tiny proof of authicity.
19:29:52 <jonasschnelli> /topic
19:30:15 <luke-jr> jonasschnelli: if they don't verify gitian, why would they verify this?
19:30:18 <sipa> hi!
19:30:31 <jonasschnelli> luke-jr: the os does
19:30:35 <wumpus> sipa: you're just in time for the end of the meeting it seems :)
19:30:38 <luke-jr> jonasschnelli: when?
19:30:45 <wumpus> (unless someone has a topic)
19:31:16 <wumpus> #endmeeting