Volunteer Needed For Wallet Reviews

[harding]

We're looking for one or more volunteers to take over reviewing wallets. Anyone who is interested should post a comment below or email me at dave@dtrt.org. You can commit to reviewing one specific wallet that you like, or commit to reviewing wallets in general.

Until a volunteer is found, it is unlikely that any new wallet reviews will be completed. Starting tomorrow, I will attach a "Help Needed" label to PRs and issues that require a wallet review.

I will be leaving this issue open until we've found an active volunteer (or volunteers), or some other resolution is found.

I apologize for any inconvenience this causes.

[saivann]

Thanks. Yes, someone dedicated to this task would be ideal.

[lapp0]

Could you provide more information on the review process? Is it basically looking at a wallets source code to determine if it meets these criteria?

[harding]

@lapp0 @rendamarshall50 here's the basic process, although if you decide to volunteer, please let me know so I can help guide you through the details:

1. Pick a wallet from the list of issues: https://github.com/bitcoin/bitcoin.org/pulls?q=is%3Aopen+label%3Awallet+is%3Apr

2. Go through the requirements list and make sure the wallet really meets all of those requirements: https://github.com/bitcoin/bitcoin.org#wallets

   Here are my notes from a review I did, which may help you out. (Note: I didn't include the parts of the requirements list that didn't apply to that particular wallet, so don't copy/paste from my notes.) https://github.com/harding/wallet-reviews/blob/master/celery/2015-02-12-gocelery.com.md

3. Look at the options set in the wallet's pull request and make sure that (1) the wallet actually supports those options (see the file _translations/en.yaml in our repository for descriptions) and (2) that those are the most appropriate options.

4. If the wallet doesn't meet our requirements or the options set in its pull request aren't right, communicate that to the wallet author/pull request author and give them a chance to fix it.

5. Don't be a robot: even if the wallet passes all the steps, say something (at least to me in private) if something about the wallet doesn't feel right.

Some source code review might be needed, for example regarding our requirement that wallets not use known flawed libraries. I also like to just skim parts of the code looking for any massively obvious red flags. However, I only spend 10 to 20 minutes on code review, which is far too short to analyze any non-trivial program, and no amount of code auditing today can stop wallet authors from pushing bad code tomorrow.

If you decide you're interested in reviewing a wallet, please let me know either here or by email to dave@dtrt.org and we can work through a wallet review together. Thanks!

P.S. Thanks to /u/leakypat for submitting this issue to Reddit to help find volunteers. I (/u/harda) will also be monitoring that thread for questions and comments.

[harding]

@crwatkins has reviewed three wallets so far and done an impressive job with each, so I'm going to close this issue for now. However, if anyone else wants to volunteer to review wallets, please feel free to comment here or to email me directly at dave@dtrt.org