On Saturday (15 December 2018), Jameson Lopp, the Chief Technology Officer (CTO) at Casa, explained in a post on his Medium blog who controls Bitcoin Core, or more specifically "who controls the ability to merge code changes into Bitcoin Core’s GitHub repository."
What Is Bitcoin Core?
Before we proceed, please note that the term "Bitcoin Core" is not being used in this article as a synonym for the cryptocurrency with the ticker BTC.
Bitcoin Core is Bitcoin's reference implementation and the most popular implementation ("96% of reachable Bitcoin nodes are running some version of Bitcoin Core"). It was originally released as "Bitcoin 0.1" by Satoshi Nakamoto on 9 January 2009, but renamed to "Bitcoin Core" in 2014 with the release of version 0.9.0. It is open source software that implements a full Bitcoin node (a collection of which forms the Bitcoin network) and a Bitcoin wallet.
The first thing that Jameson points out is that Bitcoin Core is just "a focal point for development of the Bitcoin protocol rather than a point of command and control", as he explains below:
"If it ceased to exist for any reason, a new focal point would emerge — the technical communications platform upon which it’s based (currently the GitHub repository) is a matter of convenience rather than one of definition / project integrity."
Who Are the GitHub Maintainers for Bitcoin Core?
Before naming the five people who maintain the Bitcoin Core GitHub repository, i.e. the people who hold the PGP keys needed to sign a merge commit, he explains that being a "maintainer" is "more of a janitorial function than a position of power."
The five trusted PGP keys are
and these are assigned respectively to the following individuals:
Note that although theoretically it is possible for a GitHub employee to "use their administrative privileges to inject code into the repository without consent from the maintainers", it is highly unlikely that such a person "would also be able to compromise the PGP key of a Bitcoin Core maintainer."
Jameson also points out that these PGP keys "are not a proof of identity" since they could "potentially fall into the hands of other people." That's why there is a script called "verify-commits" that "any developer can run on their machine" to verify that "every line of code that has been changed" since "commit 82bcf405 in December 2015" has "passed through the Bitcoin Core development process and been 'signed off' by someone with a maintainer key."
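To show what such a check boils down to, here is an added Python illustration (not Bitcoin Core's own verify-commits script, which does more): walk the first-parent chain from a trusted root commit, ask git for each commit's signature status and signing-key fingerprint, and flag anything not carrying a verified signature from an allow-listed key. The fingerprints and sample log lines are constructed placeholders, not the real maintainer keys.

```python
import subprocess
from typing import Iterable

# Constructed placeholder fingerprints for this example; the article does not
# list the real maintainer keys and these are NOT them.
TRUSTED_KEYS = {
    "AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111",
    "BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222",
}

# Statuses git reports in %G? that mean gpg verified the signature itself.
# 'U' (good signature, unknown validity) is acceptable here because trust
# comes from the allowlist above, not from the local keyring's web of trust.
VALID_SIG = {"G", "U"}


def commit_sig_lines(repo: str, trusted_root: str) -> list[str]:
    """Ask git for '<hash> <sig status> <primary key fingerprint>' for every
    first-parent commit after trusted_root (the merges maintainers made).
    Needs gpg and the maintainers' public keys in the local keyring."""
    res = subprocess.run(
        ["git", "-C", repo, "log", "--first-parent", "--format=%H %G? %GP",
         f"{trusted_root}..HEAD"],
        check=True, capture_output=True, text=True)
    return res.stdout.splitlines()


def untrusted_commits(lines: Iterable[str], trusted=TRUSTED_KEYS) -> list[str]:
    """Return commits that do NOT carry a verified signature from an
    allow-listed key. A good signature from an unknown key, an unsigned
    commit and a bad signature all fail; one failure breaks the chain."""
    failures = []
    for line in lines:
        fields = line.split()
        commit, status = fields[0], fields[1]
        fpr = fields[2] if len(fields) > 2 else ""  # 'N' has no fingerprint
        if status not in VALID_SIG or fpr not in trusted:
            failures.append(commit)
    return failures


# Constructed sample of what commit_sig_lines() would return, one per case.
SAMPLE_LOG = [
    "1111111111111111111111111111111111111111 G AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111",
    "2222222222222222222222222222222222222222 U BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222",
    "3333333333333333333333333333333333333333 G CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333",
    "4444444444444444444444444444444444444444 N",
    "5555555555555555555555555555555555555555 B AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111",
]
```

Run `untrusted_commits(commit_sig_lines("/path/to/repo", "<trusted root hash>"))` against a real checkout; an empty list means every mainline commit since the root was signed by an allow-listed key.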
Multiple Layers of Security of Bitcoin Core
Finally, in this excellent blog post, Jameson says that since we cannot allow Bitcoin Core's code integrity to "rely solely upon a handful of cryptographic keys," there are several other layers of security:
- pull request security;
- release security; and
- extensive test code for checking code coverage
Featured Image Credit: Photo via Pexels.com