/bitcoin.org

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Added CoinJar as a web wallet resource. #737

Closed
wants to merge 2 commits into
from

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
Wallets
Projects
None yet
Milestone
No milestone
4 participants
@shibacomputer @harding @saivann @Cobra-Bitcoin
@shibacomputer

shibacomputer commented Feb 6, 2015

Pretty straightforward! Added appropriate information as directed.

@harding harding added the Wallets label Feb 7, 2015

@shibacomputer

shibacomputer commented Feb 10, 2015

Hi all, any progress on this?
@harding
Contributor

harding commented Feb 10, 2015

@helveticade I haven't had a chance to perform a review yet, but I just took a quick look. One blocking issue is that CoinJar doesn't seem to support HSTS for its servers. You can see this for yourself by clicking on one of the results from this page, scrolling to the Protocol Details section, and looking at the item named "Strict Transport Security (HSTS)". For CoinJar's servers, it says, "No".

According to our policy, "websites serving executable code or requiring authentication must use HSTS with a max-age of at least 180 days."

Are you able to ask CoinJar to enable HSTS on their servers? Based on some of the other features they use on their servers, I don't think it would be complicated for them.
@harding
Contributor

harding commented Feb 10, 2015

@helveticade oh, I forgot to say: thanks for submitting this wallet proposal!
@saivann
Contributor

saivann commented Feb 10, 2015

For the record, the current CEO of Coinjar (Zhou Tong) was previously the CEO of bitcoinica, a service that suffered significant failures. So I wasn't sure if Coinjar could be added as per this requirement:

No indication that users have been harmed considerably
by any issue in relation to the wallet

However, unless I'm mistaken somewhere or someone disagrees, I think the following facts could be enough to say Coinjar could pass (or eventually pass) this requirement (note: I haven't reviewed other requirements).

  • Coinjar is a different service run by a different team, not just a rebranding.
  • Coinjar is operating since nearly 2 years without apparent issues.
  • Accusations against Zhou Tong apparently weren't founded [1] despite initial suspicions [2]

[1] https://bitcoinmagazine.com/1805/bitcoinica-stolen-from-again/
[2] https://bitcointalk.org/index.php?topic=95738.0

@harding harding added the Help Needed label Feb 27, 2015

@shibacomputer

shibacomputer commented Mar 31, 2015

Sorry it's taken a while to get back to you about this.

CoinJar is in the process of implementing HSTS and stronger password policies.

@saivann, you're right to be concerned about the questions re: Ryan Zhou's past. The three points you mention are well reasoned. If I can add to this – Ryan is a co-founder but is not the CEO, and shares the responsibilities of the company with others.

You guys rock for your diligence here, btw. I'll post an update when HSTS is implemented.

@harding harding removed the Help Needed label Apr 12, 2015

@harding harding added the Need more info label May 4, 2015

@shibacomputer

shibacomputer commented May 12, 2015

Hi all!

CoinJar has updated with HSTS support and stronger password policies! Are we able to merge this PR now or do you need more info?

@harding harding removed the Need more info label May 12, 2015

@harding
Contributor

harding commented May 16, 2015

@helveticade no one is currently available to review CoinJar. (Sorry.) I'm going to tag this as help needed until someone is available. Thanks for your patience.

@harding harding added the Help Needed label May 16, 2015

@crwatkins crwatkins referenced this pull request Oct 23, 2015

Closed

Bitcoin bank listings #1109

@Cobra-Bitcoin Cobra-Bitcoin closed this Mar 23, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment