Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Volunteer Needed For Wallet Reviews #778

Closed
harding opened this Issue Feb 26, 2015 · 5 comments

Comments

Projects
None yet
3 participants
Contributor

harding commented Feb 26, 2015

We're looking for one or more volunteers to take over reviewing wallets. Anyone who is interested should post a comment below or email me at dave@dtrt.org. You can commit to reviewing one specific wallet that you like, or commit to reviewing wallets in general.

Until a volunteer is found, it is unlikely that any new wallet reviews will be completed. Starting tomorrow, I will attach a "Help Needed" label to PRs and issues that require a wallet review.

I will be leaving this issue open until we've found an active volunteer (or volunteers), or some other resolution is found.

I apologize for any inconvenience this causes.

@harding harding added the Wallets label Feb 26, 2015

Contributor

saivann commented Feb 27, 2015

Thanks. Yes, someone dedicated to this task would be ideal.

@harding harding added the Help Needed label Feb 27, 2015

lapp0 commented Mar 6, 2015

Could you provide more information on the review process? Is it basically looking at a wallets source code to determine if it meets these criteria?

Contributor

harding commented Mar 6, 2015

@lapp0 @rendamarshall50 here's the basic process, although if you decide to volunteer, please let me know so I can help guide you through the details:

  1. Pick a wallet from the list of issues: https://github.com/bitcoin/bitcoin.org/pulls?q=is%3Aopen+label%3Awallet+is%3Apr

  2. Go through the requirements list and make sure the wallet really meets all of those requirements: https://github.com/bitcoin/bitcoin.org#wallets

    Here are my notes from a review I did, which may help you out. (Note: I didn't include the parts of the requirements list that didn't apply to that particular wallet, so don't copy/paste from my notes.) https://github.com/harding/wallet-reviews/blob/master/celery/2015-02-12-gocelery.com.md

  3. Look at the options set in the wallet's pull request and make sure that (1) the wallet actually supports those options (see the file _translations/en.yaml in our repository for descriptions) and (2) that those are the most appropriate options.

  4. If the wallet doesn't meet our requirements or the options set in its pull request aren't right, communicate that to the wallet author/pull request author and give them a chance to fix it.

  5. Don't be a robot: even if the wallet passes all the steps, say something (at least to me in private) if something about the wallet doesn't feel right.

Some source code review might be needed, for example regarding our requirement that wallets not use known flawed libraries. I also like to just skim parts of the code looking for any massively obvious red flags. However, I only spend 10 to 20 minutes on code review, which is far too short to analyze any non-trivial program, and no amount of code auditing today can stop wallet authors from pushing bad code tomorrow.

If you decide you're interested in reviewing a wallet, please let me know either here or by email to dave@dtrt.org and we can work through a wallet review together. Thanks!

P.S. Thanks to /u/leakypat for submitting this issue to Reddit to help find volunteers. I (/u/harda) will also be monitoring that thread for questions and comments.

Contributor

harding commented Apr 12, 2015

@crwatkins has reviewed three wallets so far and done an impressive job with each, so I'm going to close this issue for now. However, if anyone else wants to volunteer to review wallets, please feel free to comment here or to email me directly at dave@dtrt.org

@harding harding closed this Apr 12, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment