Ethereum developers are weighing changes to how critical bugs are publicly disclosed following the Nov. 11 “accidental hard fork.”
Geth had fixed the bug in early October following a disclosure, but it still existed in prior versions of Geth. The bug temporarily caused 80% of the network that runs on Geth to go down a different path than other clients.
Now, developers are reordering the disclosure process for security vulnerabilities in the aftermath of what some developers have called the biggest threat against Ethereum since 2016’s attack on The DAO.
That question comes with baggage. A common ethos in open-source software (OSS) such as Ethereum is that vendors are tasked “to notify those affected by vulnerabilities in a timely manner,” Summa founder James Prestwich told CoinDesk in a message. In other words, Geth has a responsibility to give dependent users a heads-up on possible complications.
Yet, blockchains, at their very core, are financial settlement mechanisms. The