No one controls the focal point for Bitcoin development, said Jameson Lopp in his latest blog post.
The Bitcoin veteran, who has been a crucial part of crypto developments since the beginning, recently opened up about how developers run the world’s biggest decentralized financial network without making it fragile. He also attempted to answer individuals and groups that criticize Bitcoin Core, a large group of software veterans, programmers and even newbies, for controlling the network’s present and future development by taking unilateral decisions.
How Bitcoin Development Works
The central point of Lopp’s post is how Bitcoin Core reaches consensus on whether or not to merge new code proposals into its GitHub repository. Lopp explained that while the project has “maintainer” accounts that have the ability to merge code into the master branch, their duty is more janitorial than authoritative. That said, the project picks maintainers for their provable contributions over a period of time.
Each maintainer holds a unique PGP key, and only these keys can sign the merge commits that bring code into the current codebase, he added. A malicious actor, in this case, could still use administrative privileges to inject code into the GitHub repository without the maintainers’ consent, through the Pull Request feature.
“While these keys are tied to known identities, it’s still not safe to assume that it will always be the case — a key could be compromised and we wouldn’t know unless the original key owner notified the other maintainers,” Lopp wrote. “As such, the commit keys do not provide perfect security either, they just make it more difficult for an attacker to inject arbitrary code.”
Code that has been merged into Bitcoin Core under these PGP keys is open to auditing. Developers, for instance, can run an integrity check, dubbed verify-commits, on their own machines.
“If the script completes successfully, it tells us that every line of code that has been changed since that point has passed through the Bitcoin Core development process and been “signed off” by someone with a maintainer key,” Lopp asserted.
Nevertheless, the cypherpunk recognized that the solution was not a complete cure but a strong preventive tactic to keep the villains out of the project.
“Constant Vigilance,” he recommended, hoping that having more developers review Bitcoin’s code would ensure its growth, as with any other open source project.
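The kind of check verify-commits performs, sketched as an added example (not Bitcoin Core's actual script and not code from Lopp's post): it reads `git log` output and flags every commit that is unsigned, fails signature verification, or is signed by a key outside a trusted set. The fingerprints, commit hashes and sample log lines are constructed placeholders, and the function names are hypothetical.

```python
import subprocess

# Constructed placeholder fingerprints; NOT real Bitcoin Core maintainer keys.
KEY_A = "A" * 40
KEY_B = "B" * 40
KEY_X = "C" * 40  # a key outside the trusted set
TRUSTED = {KEY_A, KEY_B}

# %H = commit hash, %G? = signature status, %GP = primary-key fingerprint.
LOG_FORMAT = "%H|%G?|%GP"


def read_merges(repo, trusted_root):
    """List first-parent commits made after trusted_root, oldest first."""
    cmd = ["git", "-C", repo, "log", "--first-parent", "--reverse",
           f"--format={LOG_FORMAT}", f"{trusted_root}..HEAD"]
    return subprocess.run(cmd, check=True, capture_output=True,
                          text=True).stdout.splitlines()


def audit(log_lines, trusted):
    """Return (commit, reason) for every commit that fails the check."""
    failures = []
    for line in filter(None, (l.strip() for l in log_lines)):
        commit, status, fingerprint = line.split("|")
        if status == "N":
            reason = "unsigned"
        elif status not in ("G", "U"):
            # B = bad signature, R = revoked key, X/Y = expired, E = cannot check
            reason = f"signature status {status}"
        elif fingerprint not in trusted:
            reason = "valid signature, but key is not a trusted maintainer key"
        else:
            continue
        failures.append((commit, reason))
    return failures


# Constructed sample of `git log` output in LOG_FORMAT (hashes shortened).
SAMPLE_LOG = [
    f"c0ffee01|G|{KEY_A}",
    "c0ffee02|N|",
    f"c0ffee03|G|{KEY_X}",
    f"c0ffee04|R|{KEY_B}",
]

if __name__ == "__main__":
    for commit, reason in audit(SAMPLE_LOG, TRUSTED):
        print(f"FAIL {commit}: {reason}")
```

A clean run only shows that a trusted key signed each commit; as Lopp notes about compromised keys, it cannot show that the key's owner did.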
Testing Code Coverage
Bitcoin Core includes a specific integration test suite that runs against every pull request, coupled with an extended test suite that runs every night on master. The code is available to every developer on GitHub and, according to Lopp, can be tested openly by cloning Bitcoin Core’s GitHub repository. The code coverage, meanwhile, can also be viewed on Marco Falke’s page.
That said, any developer can purposely break the code to test whether or not it could be committed to the original codebase.
“Ultimately, each node operator governs themselves by ensuring that no one else on the network is breaking the rules to which they agree,” said Lopp. “This security model is the foundation for Bitcoin’s bottom-up governance.”