You are viewing a single comment's thread from:

RE: EOS BP Security Statement

in #eos7 years ago

We are sorry you feel that way @gtg

The effort was honest and others in the Trinity group are saying it isn't resolved this easily. Let's let the dust settle and see how these groups resolve this issue before discounting anyones work on strengthening the EOS network.

Sort:  

We have tried to explain the problems and suggest solutions in public and private Telegram chat rooms for over two months.

To add to the points of @dan and @gtg, just curious why was the public disclosure not made littler earlier since you are considering the plugin bug a serious issue ?

Personally I think the answer for this post is

RTFM.

Aside from BOOT BIOS group not being able to stand up the chain after 3-4 days, there were still dependancies required for the plugin in question to still work.

From my observations, a lot of politics and back-channeling was done to dissuade people just like you, that's all the happened.

Same exact stuff that happens at big companies when IT tries to communicate this stuff. No one listens and then when there is any disclosure it's met with this type of tribalism because no one wants to take blame.

Now these guys are the people launching the chain in case you didn't know. Doh!

All I was saying that we should be as transparent as possible. I am not mad about EOS or any project as such but support FOSS and free knowledge sharing. So all I meant to say is that any vulnerability after giving reasonable time for the developers/companies to fix, should be released to the pucblic. In this case since there is no production network even now, your disclosure was pretty much on time. When you posted, I was under the impression that the methods and procedures for Etherium snapshot, validation and deciding on the initial token supply and main net launch all are tested and frozen and the staging network which will be used to performance - pentest will be ready in less than 24 hours time. I was not aware that these procedures are just getting planned or tested. In a nutshell, since you sounded like the production mainnet is just 2 or 3 days away from the date of publication of this post, I said it could have been done earlier. Thats all.