it would be good to be prepared for the moment that bitcoincore.org comes under attack, exploiting legal or other loopholes
it's not a matter of *if*, but *when*
it's a bit of a single point of failure which makes it an attractive target for people on a crusade against bitcoin
if you want to help, make mirrors (can we do something like "deterministic verifiable builds for websites"?), host the files, seed the torrents, show them what censorship resistance means
@0x0ff yes, wget seems suboptimal
the robust way is to clone the website off github (email@example.com:bitcoin-core/bitcoincore.org.git), so that you have a copy of the source code as well, then you can build it yourself
@0x0ff however that's for the website—it won't give you a copy of the historical release binaries, i'm not sure of a good way to mirror those, maybe best would be to make a script based on
that gets *all* releases and verifies them against their gitian.sigs hashes
@0x0ff oh this one might actually be best, it downloads SHA256SUMS.asc for an arbitrary release, verifies the signature, and downloads all the files mentioned in it:
Then to verify you use Python script that fetches index.html and everything it links to, and check the hash. Preferably from an unpredictable IP.
@orionwl Git over bittorrent? Also, it’s not that easy to take down an onion addressable self hosted website that just contains torrent links and shasums etc.
How large is the org website? It could be mirrored with torrents if it’s static. New releases are basically torrent links that let you dl your own copy of the website and from there the relevant binaries as torrents as well.
@Seccour @orionwl I think in this case the right actions have been taken. Remove an attack vector for time wasting. gmax argument is convincing too https://mastodon.social/@Raindogdance/105593716518336297
I understand that it's big waste of time and ressources. But at some point people involve in Bitcoin need to understand that if you contribute in any way to Bitcoin or its ecosystem you are a target. From ennemies of Bitcoin, to criminals, if you contribute to Bitcoin or its ecosystem, you matter
If this demand could be followed by further ridiculous demands for taking down other things then it would be worth standing up to him. But I don't see what else he can demand get taken down. Pick your battles. Other people and other sites can choose to fight this battle.
Taking down the resource after being asked to* by CSW's lawyers. There is a difference between taking down the resource, and doing so under pressure from lawyers.
I really hope it will not matter in the end if (more like when) CSW will go in court against others. But it's something that should have required slightly more thinking
@Seccour @orionwl Long term contributors and maintainers should not be choosing to fight these battles. Their time is much better utilized using their skills to advance the software. Only exception is when avoiding one battle opens the door to many more battles wasting their time. I don't think this is one of those examples.
@michaelfolkson @orionwl For sure. But I think this battle is worth it. And they also wouldn't have to fight themself directly. They could give control of the site to someone or an entity (even a non-profit) that would do the fight for them.
Removing the whitepaper was the easy way out but not the best option imo
I paid for them in 2019, will probably paid for them later on. But it's a risk I'm willing to take and that I have taken. If someone is not willing to take those risks they should stop getting involved publicly with it
@Seccour Taking risks isn't absolute, it's a gradient. BTC devs have more of an abstract risk currently, as what they do is legal (which might change/not matter _later_on_).
If you are faced with a silly, but potentially resource consuming, legal battle that's very concrete and it might be worth mitigating if you have better things to do than spending your time with lawyers.
@orionwl Saïvann Carignan and myself actually put a fair amount of effort into making the Bitcoin.org build deterministic back in the day. You can still see one legacy of that: https://bitcoin.org/sha256sums.txt. The current BitcoinCore.org build is *almost* fully deterministic with the only dynamic bit I recall being date stamps in the RSS files. Making it fully deterministic would be easy and I can port over the old verification stuff from Bitcoin.org hopefully without much effort.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!