Why are you communicating with him on Twitter?
Regardless, if their build is unreproducible using their instructions (regardless if it's from poor documentation), it's not worthy to be used for generating bitcoin wallets.
There is another thread on this topic, and @nvk is also here on SN.
Because Nostr is a hot mess and I am interested in other topics in addition to bitcoin so I use Twitter.
I agree with your statement on worthiness wholeheartedly which is why I was trying to get that issue resolved with them. I wanted them to fix it so that I could continue using and enjoying CC. I want them to succeed.
If he could block me on SN he probably would. LOL He's probably flagging me ;) Notice his response in that thread you linked. It's a good example of what I'm talking about. He just dismisses any user that reports an issue.
It appears this is a misunderstanding. You can use your Twitter app and read this thread explaining why your build didn't match. Both honest and dishonest people don't want to be called a liar, so @nvk's response is excusable, even if it raises suspicions.
Yes, I saw that thread. That's not what this post is about. As the title suggests, it's about "their toxic attitude towards users who highlight issues". In this specific case, it ended up being something benign. But if this is how NVK acts with something as benign as this, it's only reasonable to assume that he may react the same or worse on other not-so-benign issues being reported. Hell, how do we know there haven't been other issues reported that were just dismissed by NVK or suppressed by threat of lawsuit?
The point is not that this issue was a real security issue. The point is that his attitude is a risk for the security of his software now and in the future. A good example is how they've now changed the license of their software. Before it was a true open source license that anyone could use and thus had an incentive to scrub and find bugs in. Now, because of their attitude and beef with Foundation, they've changed the license to one that doesn't encourage others to dig deep into their code which, in my opinion, is a security risk.