New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

meta-attack: unfriendly contribution setting dissuades participation and thus peer inspection of source code #119

Open

kristovatlas opened this issue Aug 11, 2016 · 0 comments

Labels

attacks countermeasures criteria

Milestone

Member

kristovatlas commented Aug 11, 2016

Perhaps it should even be valued if the source is free software: projects that are open source but using restricted licenses tend to have less peers than free software projects.
-- @schildbach
#13 (comment)

A countermeasure would be to have a less restrictive software license explicitly stated on a repo, I suppose.

Some other things that could dissuade community participation could be:

lack of contributing guidelines on repo
low rate of accepting PRs

Bounty programs might also be some kind of metric for peer review of security.

As it's late in the game to include this in our 3rd edition threat model, I'm setting this to a 4th edition milestone.

Two open source wallets that come to mind as interesting to compare:

https://github.com/blockchain/My-Wallet-V3 (The JavaScript wallet engine for Blockchain.info's web wallet and iOS app)
No contributing guideliens
No apparent license
https://github.com/bitpay/copay
Has contribution guidelines
MIT license

kristovatlas added criteria attacks countermeasures labels

kristovatlas added this to the 4th edition milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment