Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Add Aegis Wallet to wallets available for Android #445
Comments
|
@bsimic0001 It would be very unadvised to add a wallet that has no track record, no source code, no known developers, no reviews from known developers and claims to be highly secure from day one. I do hope that Aegis Wallet is what it claims to be, but I think adding Aegis Wallet on bitcoin.org would not be acceptable at this point. |
bsimic0001
commented
Jun 8, 2014
|
@saivann The wallet was released a week ago so there is not a significant track record. However, the wallet is open source and the developer (me) is involved in the Bitcoin community. The source code can be found here: https://dl.dropboxusercontent.com/u/5865684/AegisWallet.zip I can also share the Github repo with anyone who requests it. I have done so with Mike Hearn and other bitcoinj and Bitcoin devs who have requested it. The repo will be public once documentation is sufficient for developers to start using it. I am a Information Security Engineer and I do security verification of mobile applications for a living. The source code is also peer reviewed by several employees at my company (Aspect Security based out of Columbia MD) and several engineers from http://specularx.co/ who specialize in mobile cryptography software. I am also a chapter leader of the Open Web Application Security Project in NYC and I run the Bitcoin Security Project (bitcoinsecurityproject.org) which is a non-profit dedicated to securing Bitcoin users and businesses. You can view my experience and profile here: https://www.linkedin.com/in/bojansimic I have also presented at Bitcoin conferences such as Inside Bitcoins in NYC (April 2014) to discuss Bitcoin security in particular. Here is the link to my speaker profile: http://www.mediabistro.com/insidebitcoins/new-york/speakers.asp I am also very involved in the Bitcoin community here in New York City and am a member of the BitDevs meetup here where I regularly present and participate. I give regular talks on security and development practices. I would be more than happy to personally walk anyone who requests it through the security practices and code that are in Aegis Wallet. If you require further information please do not hesitate to message me anytime. Thanks and I look forward to any questions, concerns, or comments. |
bsimic0001
commented
Jul 17, 2014
|
Hi guys, Have you had a chance to look at this? The code is open source and here: https://github.com/bsimic0001/AegisWallet We have hundreds of users and Aegis is the most secure Bitcoin wallet for Android. I believe many more would benefit from it being on the Bitcoin.org site. -Bojan |
|
@bsimic0001 I was looking at your app again and searching for users' feedback and I noticed there was no activity in your git repository since July, is the project still maintained? Additionally, releases apparently aren't tagged or explicitely stated in commit messages. This is now a requirement for all wallets to get a passing "Transparency" score, https://github.com/bitcoin/bitcoin.org#wallets |
bsimic0001
commented
Sep 10, 2014
|
Yes. There is a major release scheduled for Oct 1st with additional On Wed, Sep 10, 2014 at 12:29 AM, saivann notifications@github.com wrote:
|
|
@bsimic0001 If I understand correctly, development isn't public, you're publishing the source code only once it's released? This can make it harder for the community to audit and review the code. |
hyprkey
commented
Sep 11, 2014
|
All commits are public and are committed once it is ensured that they do not break the build. The function that is currently under development would break the build and is therefore not committed yet. |
|
@hyprkey Why not publicly work on a branch? |
bsimic0001
commented
Sep 11, 2014
|
I'm the only one working on it at the moment so I didn't feel the need to On Wed, Sep 10, 2014 at 10:24 PM, saivann notifications@github.com wrote:
|
bsimic0001
commented
Sep 16, 2014
|
New version is out. Now supports Android Wear. You can see your balance and receive address on your smart watch. |
bsimic0001
commented
Sep 16, 2014
|
The latest release has been tagged in Github. |
|
Why did you restart your master branch again? This way, you're destroying the trust that has already built up by devs reviewing your code. |
bsimic0001
commented
Sep 16, 2014
|
I had to re-structure the code when I added the android wear module to the On Tue, Sep 16, 2014 at 4:29 PM, Andreas Schildbach <
|
|
You may be the only committer, but there are people reviewing your code. |
bsimic0001
commented
Sep 16, 2014
|
Well we should be good for the time being and will avoid further restarting On Tue, Sep 16, 2014 at 4:34 PM, Andreas Schildbach <
|
|
@bsimic0001 :( Indeed. This is the kind of thing that makes me further wait before being confident we can add your wallet. Good practices when it comes to transparency (which includes making it reasonably easy for people to review / fix your code) greatly reduce the need for trust. |
bsimic0001
commented
Sep 17, 2014
|
@saivann well that's really unfortunate. The wallet has been out for several months and has never given anyone reason not to trust it. The decision is up to you but I think it's the responsibility of the bitcoin community to give the public as many options as possible and let them make the determination. I think Aegis has some unique features that many want to take advantage of and having the wallet available on the bitcoin.org website would give it a significant amount of visibility. |
|
@bsimic0001 To be fair, I think our responsibility is to wait and see before listing a wallet, especially if the wallet is going to have "You have control over your bitcoins" in bold green. I agree that Aegis seems to be an interesting option for users though and has interesting security features. The issues I see thus far is the general lack of public feedback and the recent transparency issues. Therefore it's hard to make sure there's enough users testing the wallet and developers watching the repository. |
bsimic0001
commented
Sep 17, 2014
|
@saivann The decision is up to you and I will respect your decision either way and I want you to know I appreciate you taking the time to hear me out. I would be much more satisfied if there was a set of criteria which I can aim to satisfy. The application has been out for 3.5 months and has 50 reviews in the Google Play Store. In terms of public feedback, what types of proof are you looking for? Are you looking for reviews completed by specific individuals in the community? What are some examples of fulfilled criteria that other wallets who have made it onto the list met? This discussion we're having began on June 8th so I hope you understand that this is a priority for me and I would like to have some kind of idea what amount of effort is required of me to make this happen. This is an application that I have spent significant amount of my own time and resources to program. I wrote this code to help the bitcoin community and because I think it can help users truly protect their funds. |
|
As a reminder, if there is known developers in the community who wish to share opinions or ask questions, comments are always welcome in pull requests. @bsimic0001 I would gladly provide a clear set of criterias, but obviously that isn't that simple. I surely appreciate a lot your effort too, please take into consideration that time is often required before wallets are added, Hive for instance wasn't added after 3.5 months of existence IIRC while Hive Android was added faster because it was based on a widely used codebase. But sure, since your wallet is making promises regarding security and would get a good score once added, as far as I'm concerned, I tend to be more careful and let the app pass the test of time if I'm unsure about something. Regarding transparency: The recent issues didn't help since all other open-source wallets are not just publishing the source code, they are tagging / commiting releases and development is also public (commits and pull requests get merged and discussed publicly between final releases) in such a way that this makes it easy to watch and review development. If Aegis meets the same requirements for a few months, I would be more positive with adding it on bitcoin.org . Regarding feedback: Reviews on Google Play are good, although 50 is still not much since none of them include comments IIRC. I couldn't find much feedback on reddit, BitcoinTalk, and more importantly, no feedback or technical review from any known members of the community or developers. As far as I'm concerned, every single bit of information that leads me to conclude there is few risk or trust involved with listing your wallet is helpful. @bsimic0001 This may be some communication issues in part, but the fact that the wallet was initially claimed as very secure and open-source while having no public codebase and no history, and that you seemed to push for the wallet to be added ("It should be added to the list of wallets") while not identifying yourself as the developer also initially raised more suspicion on my side. |
bsimic0001
commented
Sep 17, 2014
|
@saivann Thanks for the information. I will aim to increase visibility of the wallet and involve the community more so that your decision can be made soon. |
saivann
added
the
Wallets
label
Oct 8, 2014
|
@bsimic0001 Two users were reporting problems with Aegis and your website here; http://www.reddit.com/r/Bitcoin/comments/2lm1r8/aegis_wallet_not_working_anyone_else_having/ One said: "Contact the developer directly... He is working on a fix and was able to retrieve my BTC." Can you give more details on what happened? |
bsimic0001
commented
Nov 26, 2014
|
It was an issue with the latest version of Android 4.4.4 where On Tue, Nov 25, 2014 at 9:16 PM, saivann notifications@github.com wrote:
|
|
@bsimic0001 Thanks. The source code for 1.1.4.0 (updated on November 10th) seems to be missing in the GitHub repository though. |
hyprkey
commented
Nov 26, 2014
|
It is there now. I had to merge my dev branch into the master. On Tue, Nov 25, 2014 at 9:24 PM, saivann notifications@github.com wrote:
*Bojan Simic | 859-552-3186 | @bojansimicchief Technology Officer * [image: www.hyprkey.com] http://www.hyprkey.com/ |
|
The webpage for this wallet is now a GoDaddy placeholder page, the GitHub repository hasn't been updated in over two months, and the Google Play last update is also more than two months old. I think this wallet may be dead, so I'm closing this issue. We can reopen it if anything changes. |
harding
closed this
Jan 27, 2015
|
Thanks, makes sense. The last release 1.1.4.0 wasn't tagged on GitHub also. I was also generally uncertain if the app was maintained given the quite small activity, although developers were apparently responsive previously. |
hyprkey
commented
Jan 28, 2015
|
I'm still developing the app. However, the guy who volunteered to maintain the official website has I am working on a big release to make the wallet HD. -Bojan On Tue, Jan 27, 2015 at 7:12 PM, saivann notifications@github.com wrote:
*Bojan Simic | 859-552-3186 | @bojansimicchief Technology Officer * |
|
@hyprkey ok, reopening. My apologies for closing without discussion. |
harding
reopened this
Jan 28, 2015
hyprkey
commented
Jan 28, 2015
|
Thanks David. I hope to have the site back up ASAP. On Tue, Jan 27, 2015 at 7:46 PM, David A. Harding notifications@github.com
*Bojan Simic | 859-552-3186 | @bojansimicchief Technology Officer * |
harding
added
the
Help Needed
label
Feb 27, 2015
harding
removed
the
Help Needed
label
Apr 12, 2015
|
Closing. We are now asking that new wallets proposed for the Choose Your Wallet page be submitted as a pull request. Instructions are available here: https://github.com/bitcoin/bitcoin.org#wallets Please let us know if you need any help, and sorry for any inconvenience. |
bsimic0001 commentedJun 8, 2014
There is a new free and open source wallet for Android that focuses on security.
It should be added to the list of wallets available for Android. More info can be found at this URL: http://www.aegiswallet.com/
The page in question is:
https://bitcoin.org/en/choose-your-wallet