Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Drop Coinapult wallet #796
Conversation
saivann
merged commit 6fa5684
into
master
Mar 28, 2015
saivann
deleted the
coinapult branch
Mar 28, 2015
|
You could have contacted someone from Coinapult, the service is being restored. |
|
@g-p-g adding them back is a simple git revert, although that will require a pull request for discussion because of the security breech. As of this moment, the message on their website says that they're not accepting deposits, so there's no reason right now to recommend them to new users on the Choose Your Wallet page. |
|
I'm completely aware of that, but I have read other PRs around here and you usually contact someone from the related company. @harding at this moment it doesn't actually say deposits are not being accepted, but that wasn't made official (it will be made official tomorrow). |
|
@g-p-g I appologize; I interpreted this statement as meaning that deposits are not being accepted:
Source: https://coinapult.com/march (penultimate paragraph) As for contacting someone from Coinapult, I don't think that's necessary before removing a non-functioning wallet as there's absolutely no reason to point users towards those wallets. The time for contacting someone is after the wallet begins working again so that they can submit a reverting pull request. |
|
If you read bitcoin#697 you will see some very different standard being applied. That's fine. |
|
@g-p-g I'm not sure what you see in #697 to make you think we have different standards, but I'm quite sure that it has always been our policy to remove links to non-fully-functional wallets. Moreover, I personally try to avoid contacting busy wallet authors unless there's something we need them to do, and in this case I assume that Coinapult employees are already doing all they can to re-enable the service. As a said earlier, the time to contact them is when the wallet begins working again so that they can submit a reverting pull request. |
|
@harding the thing is: would you actually contact me or someone else after the service was restored if I didn't notice it was removed? If so, why wouldn't you tell me the wallet was getting removed? I completely understand this is purely a volunteer job and really appreciate that you are maintaining bitcoin.org and in the end it's all up to you to decide what to keep in there. You don't need to contact anyone to tell things are being removed, no one is telling you have any obligations regarding that. I can personally tell you that no matter how busy I'm at Coinapult, a short notice about getting delisted would have been very welcome. |
|
@g-p-g You can actually blame it on me, sorry for not taking the time for doing so. But given the current circumstances it seemed quite obvious to me that this was not controversial. |
|
@saivann I agree with what you did, don't worry. Just missed it. |
|
What's the process now? |
|
@g-p-g submit as a new pull request (PR) a If you can't create a revert, let me know and I'll open the PR myself. |
|
@harding ... really? Maybe I should tell someone from marketing to try to convince you on that, what exactly are you looking for? |
|
@g-p-g I'm looking for evidence that a post mordem was conducted, that the problem(s) that lead to the security breech has been fixed, and that Coinapult still has sufficient bitcoins to meet its customer obligations (i.e. that the theft hasn't forced it to switch to fractional reserve). Since we can't verify operation of your bitcoin bank, I'm really just looking for official assurances. |
|
We included information about that in coinapult.com/march (see also the twitter account https://twitter.com/coinapult for a link to a blog post and similar information) and moved to multisig with manual approval for withdrawals. Remember that 150 (one hundred and fifty) bitcoins were lost. |
|
They are since yesterday. At this exact moment the API is not active because of a new ddos attack, which is being handled. |
saivann commentedMar 25, 2015
The service was compromised a week ago and is still suspended
https://www.reddit.com/r/Bitcoin/comments/2zdrgr/coinapult_investigating_compromise_of_hot_wallet/
So there is at least currently no reason for linking to it, the service is not usable anymore.
If they get back on their feet, I guess they could be re-submitted. However, it's unclear if they could handle a second hack and cover the funds again now that they have been hacked once.
In the absence of critical feedback, this pull request will be merged on March 28th.