19:00:50 <wumpus> #startmeeting
19:00:50 <lightningbot> Meeting started Thu Feb 13 19:00:50 2020 UTC.  The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:50 <lightningbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:54 <jnewbery> hi
19:00:58 <cfields_> hi
19:01:07 <fjahr> hi
19:01:08 <wumpus> #bitcoin-core-dev Meeting: wumpus sipa gmaxwell jonasschnelli morcos luke-jr sdaftuar jtimon cfields petertodd kanzure bluematt instagibbs phantomcircuit codeshark michagogo marcofalke paveljanik NicolasDorier jl2012 achow101 meshcollider jnewbery maaku fanquake promag provoostenator aj Chris_Stewart_5 dongcarl gwillen jamesob ken281221 ryanofsky gleb moneyball kvaciral ariard digi_james amiti fjahr
19:01:09 <wumpus> jeremyrubin lightlike emilengler jonatack hebasto jb55
19:01:10 <provoostenator> hi
19:01:12 <hebasto> hi
19:01:12 <amiti> hi
19:01:12 <emilengler> hi
19:01:13 <jonasschnelli> hi
19:01:14 <kanzure> hi
19:01:15 <jb55> hi
19:01:15 <jonatack> hi
19:01:21 <jkczyz> hi
19:01:31 <achow101> hi
19:02:14 <wumpus> no proposed topics for today in https://gist.github.com/moneyball/071d608fdae217c2a6d7c35955881d8a, but some have been proposed above by cfields_ and kanzure
19:02:28 <wumpus> kanzure | #proposedmeetingtopic topic collection for physical meeting (follow-up)
19:02:29 <kanzure> oh it's not an automated tool
19:02:41 <kanzure> yeah so i'm still collecting topic suggestions for coredev.tech meeting
19:02:45 <wumpus> cfields_ | #proposedmeetingtopic expiring Windows codesigning key
19:03:12 <wumpus> no it's not automated afaik
19:03:23 <wumpus> any other last minute topics?
19:03:30 <cfields_> Oh whoops, I thought something scraped them too.
19:03:45 <achow101> should make an automated tool to collect those
19:04:10 <wumpus> I'm sure moneyball will be thankful if you make one :)
19:05:00 <wumpus> #topic High priority for review
19:05:21 <provoostenator> I'd like to nominate #17509 for hi-prio review (gwillen has a PR on top)
19:05:23 <wumpus> https://github.com/bitcoin/bitcoin/projects/8  -- 8 blockers, 1 bugfix, 6 chasing concept
19:05:23 <gribble> https://github.com/bitcoin/bitcoin/issues/17509 | gui: save and load PSBT by Sjors · Pull Request #17509 · bitcoin/bitcoin · GitHub
19:05:54 <achow101> Replace #16528 with #18034. we keep deciding it's a good idea to stack more PRs before descriptor wallets :/
19:05:56 <gribble> https://github.com/bitcoin/bitcoin/issues/16528 | Native Descriptor Wallets using DescriptorScriptPubKeyMan by achow101 · Pull Request #16528 · bitcoin/bitcoin · GitHub
19:05:57 <gribble> https://github.com/bitcoin/bitcoin/issues/18034 | Get the OutputType for a descriptor by achow101 · Pull Request #18034 · bitcoin/bitcoin · GitHub
19:07:08 <wumpus> 17509 added
19:07:17 <meshcollider> hi
19:07:27 <wumpus> achow101: why is that? (deciding to stack more PRs)
19:08:53 <moneyball> i would very much welcome a tool that automates my process of downloading the log archive and grep'ing for proposed meeting topics!
19:09:07 <wumpus> replaced 16528 with 18034
19:09:13 <achow101> mostly just cleaning things up so descriptor wallets is slightly less painful to review
19:09:47 <achow101> missed a few things during all of the wallet boxes stuff, including a glaring hole in the design itself that doesn't work with hardware wallets
19:09:54 <wumpus> okay if it helps review that's good
19:10:06 <wumpus> whoops
19:11:02 <wumpus> #topic Expiring windows codesigning key (cfields_)
19:11:32 <cfields_> For once we're not scrambling to deal with an expired codesigning cert. The current Windows cert expires on Mar 26, 23:59:59 2020 GMT. We'll need to renew before then.
19:11:33 <cfields_> Last year gwillen was kind enough to renew the cert for us.
19:12:02 <cfields_> Also, it probably makes sense for the signer to be someone more active.
19:12:50 <wumpus> any volunteers? what's involved?
19:12:57 <achow101> does it require a windows machine?
19:13:11 <jonasschnelli> We could purchase it via the Bitcoin Core Code Signing Association
19:13:19 <wumpus> jonasschnelli: was about to suggest that
19:13:20 <jonasschnelli> (make sure the certificate belong to that name)
19:13:34 <cfields_> No, Windows isn't required. You hold a key and run a bash script for each release.
19:13:41 <jonasschnelli> there are no funds though,.. :)
19:14:26 <jonatack> how often does the cert expire?
19:14:38 <cfields_> Since it's not a rush this time, I can open a github issue to discuss.
19:14:40 <wumpus> how expensive is a cert?
19:14:50 <cfields_> jonatack: This one was a 1year, I think you can also buy a 2.
19:15:08 <jonasschnelli> Last time I checked most cert where around 200usd
19:15:09 <cfields_> wumpus: good question, sec.
19:15:12 <jonasschnelli> (per year)
19:15:26 <jonasschnelli> always depends on the issuer...
19:15:35 <wumpus> I guess we can't use the travel fund for this?
19:15:48 <jonasschnelli> we could... or we find a generous sponsor. :)
19:15:53 <achow101> I could do the signing. I've done every gitian build for quite a while, usually on time
19:15:56 <jonasschnelli> I sponsor the apple one already,...
19:16:16 <jonasschnelli> ack on achow101
19:16:23 <jonasschnelli> (thanks for volunteering)
19:16:27 <wumpus> sounds good to me!
19:16:48 <cfields_> Yeah, I can't find the price off-hand, but it was somewhere under $200. IIRC closer to $100 for the 1yr.
19:17:09 <jonasschnelli> I guess its best if you achow101 purchase the cert.. we can pay it via the coredev.tech fund if no-one opposes that
19:17:36 <wumpus> +1
19:17:51 <wumpus> but sure, if we can find another sponsor that'd be great
19:18:13 <achow101> sure
19:18:23 <kanzure> moneyball: http://gnusha.org/bitcoin-core-dev/proposedmeetingtopics.txt should have topics collected ~5 minutes before each meeting. let me know if it breaks.
19:18:24 <jonasschnelli> thanks to a falling USD, the coredev.tech bitcoin holding have quite some purchase power
19:18:54 <cfields_> Under $100: https://github.com/bitcoin/bitcoin/pull/15682#issuecomment-477486862
19:19:32 <achow101> I wonder if I can expense it to blockstream...
19:19:45 <jonasschnelli> heh. try it!
19:19:46 <cfields_> I can buy if we can't find a sponsor. Buying my way out :)
19:20:11 <jonasschnelli> cfields_: you did great! No need to buy yourself out
19:21:03 <achow101> cfields_: is the script(s) in contrib/windeploy?
19:21:05 <wumpus> yes, thanks for all your work
19:21:12 <cfields_> Ok, will discuss with achow outside of the meeting.
19:21:26 <achow101> +1
19:21:30 <wumpus> #topic Topic collection for physical meeting (kanzure)
19:21:50 <kanzure> yeah still collecting topics, let me know what you do or don't want to hear about
19:21:51 <cfields_> achow101: yes, but gitian spits them out. It's as simple as running a script from the gitian payload.
19:22:29 <kanzure> things on the list include stuff like guix, more build stuff, erlay, miniscript integration, descriptor wallets
19:23:02 <kanzure> HWI updates will probably get in there...
19:23:17 <kanzure> oh and forgot about taproot. anyway, that's all.
19:23:30 <achow101> kanzure: oh yeah, HWI. add that to mine
19:24:23 <kanzure> added.
19:24:32 <kanzure> i think hearing about the fuzzing work would be interesting
19:24:42 <jnewbery> people have given me some topic requests in the survey responses. I'll pass those on to you, kanzure
19:24:47 <kanzure> thank you
19:25:18 <kanzure> another note here's my two second hack for proposedmeetingtopic scraping (set to run 5 minutes before the meeting time each day) http://gnusha.org/bitcoin-core-dev/proposedmeetingtopics.txt
19:25:35 <jnewbery> incidentally, thank you to everyone who replied to the survey (30 responses so far). Very much appreciate your time. I'll present aggregate results at coredev
19:27:01 <cfields_> kanzure: heh, nice.
19:28:04 <wumpus> that was quick :)
19:28:25 <wumpus> any other topics?
19:29:34 <wumpus> nothing else to discuss?
19:29:51 <kanzure> i am now daily timestamping the logs?
19:30:03 <emilengler> cool
19:30:28 <kanzure> http://gnusha.org/bitcoin-core-dev/timestamps/
19:30:33 <kanzure> not much of a topic :)
19:30:42 <emilengler> well but good to know
19:31:03 <jeremyrubin> hi
19:31:26 <cfields_> oh, quick last-second thing...
19:31:28 <jonasschnelli> macOS notarization is also done now. We start with the next release
19:31:29 <wumpus> nice!
19:31:56 <cfields_> would there still be interest in a multi-signer protocol for codesigning? That might be a good project for a student around here.
19:32:13 <cfields_> Not for this time around, ofc. But maybe for next time.
19:32:24 <jonasschnelli> I question if it is worth the effort... but if someone is up for... yeah. Why not
19:32:44 <jonasschnelli> Just expect that Apple changes the key types (and enforces them) probably with 1 week notice.. :)
19:32:54 <cfields_> Heh, fair point.
19:33:17 <jonasschnelli> I guess its still RSA right now... but I'm sure they have plans to migrate away from that
19:33:28 <achow101> cfields_: hasn't that been on the todo list for the past 6 or so years?
19:33:41 <jonasschnelli> heh.. maybe past 4
19:34:00 <cfields_> achow101: heh, yep, every time codesigning comes up. But this time I might actually be able to sucker someone into doing it :)
19:34:22 <wumpus> it's a pretty old idea by now, yes, the problem is backfitting something like that into proprietary codesigning systems
19:34:57 <jonasschnelli> And at the end, it's little security/trust compared to our gitian signatures
19:35:18 <wumpus> right, it's not as if it's going to replace gitian signature verification
19:35:20 <cfields_> Ok, not much interest.
19:35:23 <jonasschnelli> I would rather invest resources in having a release-checker within bitcoin-cores binary (+Qt)
19:35:26 <cfields_> Thanks, that's a helpful answer too.
19:36:16 <jonasschnelli> Gitian is such a nice process.... but I doubt many people verify (which makes it kinda pointless).
19:36:34 <jonasschnelli> If they could just verify from directly withing older bitcoin core versions.
19:36:36 <wumpus> well at least the people that build verify that's something...
19:36:51 <jonasschnelli> yes. that alone is a big plus.
19:37:13 <cfields_> Yeah, I see it more as a proof that it can be done.
19:37:18 <cfields_> Anyway, </topic>. Thanks.
19:37:28 <wumpus> but yes it might be nice to have a tool that automates verification integrated, so that if people have one version of bitcoin core they can verify a newer one they downloaded
19:37:34 <jonasschnelli> not that its not a cool project.
19:38:03 <jonasschnelli> wumpus: Yes. Agree. We could have secp256k1 signatures from the gitian assert files... then verify those within core
19:38:25 <wumpus> yup
19:38:45 <wumpus> any other topics?
19:39:42 <wumpus> #endmeeting