I don't want to build on top of it. I just want to be able to verify the code and that it does what it's supposed to do and claims to do.
 It's counterintuitive to think this way.

You want code to progress as well as possible with something as sensitive as self custody.

Their code not being open source deters developers from finding vulnerabilities; moreover, they have a history of not paying bounties either.

You're looking at this in a stupid way IMHO, and you're not alone in this view, so you feel comfortable... doesn't mean you/y'all aren't sipping dumbfuckjuice.
In Eric Raymond's 'The Cathedral and the Bazaar' he puts forth the original and concise arguments in favor of open source code. One of the key principles for why open source would win was that "many eyes make all bugs shallow". This is illustrated if you have ever written a paper or letter and asked someone to proofread it. Immediately they find a number of obvious things you missed in your revisions (spelling, grammar, punctuation, awkward word choices, etc.), and if you were to bring the paper to a third person they would find more issues. An error or mistake will be obvious to someone else that wasn't obvious to you. The game then is to get as many eyes on the code as possible so that the most bugs possible are obvious to the largest number of people.

So while making code available for review means you can technically see the code and what it is doing, it doesn't mean there isn't a non-obvious bug lurking. And while you state you want to review the code, very few people actually will. However, if people were building on top of a code base because they were extending it or forking it for their own purposes, they would be reading the code deeply to understand how to actually apply changes and not break things. Or, after breaking them, they would be trying to fix things.

The second principle for why open source would win was the human need to "scratch an itch". Presuming a bug is found by only reviewing code, what is the incentive mechanism by which the finder would report it? In open source, a valuable fix to an unseen bug creates reputation among peers, and the observation of a noticed bug being fixed only because you spotted it and brought it to attention, or of a fix you provided yourself being adopted by the project and adding your name to the list of contributors, is satisfying. Thus there is an ecosystem which incentivizes remedies for issues.

These are two reasons why, in practice, simply making code available for review will not have the same impact on quality as making the code available under an open source license.
 If you're actively wasting money on non-open-source Bitcoin self custody tools, don't go around talking about "fix the money, fix the world".

nostr:nevent1qqs0vzlc8vmcv7ae3p0dtt60f3fezv7wtxu00wrcscllpfyhhvxerycppamhxue69uhkummnw3ezumt0d5pzqr8s355q4f0ulte5psnf408kvdt4ym7ujzu5k05l7mf50fqlpy9hqvzqqqqqqy6vy9p5