Oddbean new post about | logout
Meridian | 10 months ago (raw) | export | reply | flag +4 
 Scenario: a node runner decides not to upgrade to the latest version of Bitcoin Core, due to a controversial change in consensus logic. 
A vulnerability is discovered, affecting all versions of Bitcoin Core, and a hotfix is published as a minor release, on top of the most recent version. 

Question: What options are available to the node runner, to patch his older version of Bitcoin Core, so as to secure it against the vulnerability, without also upgrading to the controversial / most recent version? 

Are there any more user friendly options, besides manually merging the hotfix, and rebuilding the old version from source? 

#bitcoin #asknostr
[ARCHIVED] Jay | 10 months ago (raw) | root | parent | reply | flag 
 I'm also curious about this @Jameson Lopp
Jameson Lopp | 10 months ago (raw) | root | parent | reply | flag 
 If you're only one or two versions behind the most recent release then security patches will get back ported as a minor version release.
Kc | 10 months ago (raw) | root | parent | reply | flag 
 That's probably the only possible way. Fork from the previous version without the controversial change and cherry pick the security patch into it.
It's just that this might not be so easy, depending on where in the code both changes were made.