Few Words on Collaborative Software Development


It's a bug alright - in the kernel. How long have you been a
maintainer? And you *still* haven't learnt the first rule of kernel

If a change results in user programs breaking, it's a bug in the
kernel. We never EVER blame the user programs. How hard can this be to understand?

Responsible Disclosure

Bitcoin Hardware Wallet Ecosystem

Events in Chronological Order

  1. A security bug that affects all hardware wallets was disclosed to Trezor and Ledger (and some other hardware vendors, but for the sake of simplicity, I’ll omit them until the ending thoughts).
  2. Trezor implemented a backwards incompatible fix in their hardware.
  3. Ledger implemented the same fix, but allows the user to use un-updated applications with a warning because they assessed the bug as low severity.[src]
  4. Trezor and Ledger implemented compatibility in their software wallets.
  5. Trezor implemented compatibility in Electrum.
  6. Trezor and Ledger released their fixes and disclosed the bug.
  7. Coldcard fixed the bug in their hardware in a backwards compatible way, as their assessment was the same as Ledger’s: the bug is low severity.
  8. BTCPay is architecturally incapable of implementing compatibility, thus it is dropping Trezor support.
  9. HWI and Wasabi are currently implementing compatibility.
  10. Electrum did not release the fix yet. (Not sure they will anytime soon as I think they don’t plan to release until their Lightning Network integration is done, though the current situation may change this.)
  11. (Bitcoin Core’s proper HWI support isn’t finished yet.)

Moral of the story?



