Added LUXSTACK app to wallets page

[jonwaller]

This pull request adds the LUXSTACK Android mobile app to the list of wallets.

[gurnec]

@jonwaller FYI—based only on the PR, this wallet seems to be missing the Wallet Basic Requirement "If user has exclusive access over its private keys: Source code is public and kept up to date under version control system". Are you proposing a change to the Basic Requirements, or do you believe this wallet has a good reason for not including this one (or am I misinterpreting the PR)?

In any case, you may want to take a look at that document linked above to see if you notice any other potential stumbling blocks.

[jonwaller]

@gurnec, Thanks for the the response. I believe closed-source wallets should be allowed for inclusion on the bitcoin.org page. As bitcoin matures, more companies will wish to produce closed-source wallets. (I can't imagine a Google or Apple bitcoin wallet being open source.)

---

Here is how the LUXSTACK app lines up with the requirements:

• Sufficient users and/or developers feedback can be found without concerning issues, or independent security audit(s) is available
  OK
• No indication that users have been harmed considerably by any issue in relation to the wallet
  OK
• No indication that security issues have been concealed, ignored, or not addressed correctly in order to prevent new or similar issues from happening in the future
  OK
• No indication that the wallet uses unstable or unsecure libraries
  OK (Using bitcoinj)
• No indication that changes to the code are not properly tested
  OK
• Wallet was publicly announced and released since at least 3 months
  OK - Running beta in Japan since new year
• No concerning bug is found when testing the wallet
  OK
• Website supports HTTPS and 301 redirects HTTP requests
  OK
• SSL certificate passes Qualys SSL Labs SSL test
  OK
• Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days
  Soon. However, web is used as a reader - private keys never leave device.
• The identity of CEOs and/or developers is public
  OK
• If user has exclusive access over its private keys:
  • Allows backup of the wallet
    OK
  • Restoring wallet from backup is working
    OK
  • Source code is public and kept up to date under version control system
    Using source control. Closed source project.

[harding]

@jonwaller thank you for submitting your wallet, and thank you to @gurnec for commenting on it so quickly.

We don't currently have any requirement that wallets be open source, but we do not consider proprietary wallets as giving users exclusive access over their private keys. You can easily change that part of your score, but that still leaves us with a problem---we have a policy[1] to keep non-control wallets in the Web wallet section.

If you still want to be listed, we'll either have to change our policy (possible, but I consider it unlikely) or wait for us to revise the page layout (occasionally discussed, but with nothing concrete planned yet). I apologize for the inconvenience this causes.

[1] "Web wallets are sandboxed out of all [other] categories unless they provide control over private keys to the user and a native app that signs transactions locally." Source: bitcoin#473 (comment)

[jonwaller]

I think it might be worth splitting the mobile/android/ios wallet pages to closed and open source, the wallets already have some meta that say if they are closed source.

It doesn't make sense to put an Android wallet under web wallets.

[harding]

I agree an Android wallet doesn't belong in the web wallet section.

I'm not interested in working on changing the layout right now to adequately describe the comparative risks of proprietary wallets, but if you want to make that change and submit it as a pull request, I assure you that it will be discussed by the other contributors.

[sandakersmann]

Proprietary wallets have no place on bitcoin.org, and it should stay that way. No reason for this community to market your product if you can't be open source and share the code. Do your own marketing.