In this episode of “The Van Wirdum Sjorsnado,” hosts Aaron van Wirdum and Sjors Provoost discuss why it is important that Bitcoin software is open source, and why even open source software does not by itself solve every software-specific trust issue.
In theory, the fact that most Bitcoin nodes, wallets, and applications are open source should ensure that developers cannot slip malicious code into the programs: anyone can inspect the source code for malicious changes. In practice, however, the number of people with enough expertise to do this is limited, and the reliance of some Bitcoin projects on external code libraries (“dependencies”) expands the amount of code that would have to be reviewed, making it even more difficult.
Moreover, even if the open source code is robust, this does not guarantee that the binaries (the compiled executables users actually run) truly match the published source code. Van Wirdum and Provoost explain how this risk is largely mitigated in Bitcoin through a process called Gitian building, where several Bitcoin Core developers independently build the release and sign the resulting binaries if, and only if, they all obtain bit-for-bit identical binaries from the same source code. This requires a deterministic (reproducible) build environment rather than an ordinary compiler setup, since any difference in toolchain, timestamps or paths would change the output.
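To make the “sign only if the binaries match” step concrete, here is an added illustration; it is not Bitcoin Core's own Gitian or Guix tooling and not code from the episode. It takes hash attestations from several hypothetical builders, accepts an artifact's digest only when at least a threshold of builders agree and none disagrees, and then checks a downloaded file against the agreed digest. The builder names, artifact bytes and threshold value are constructed for the example, and verifying the signatures on the attestations themselves is assumed to have been done beforehand.

```python
"""Cross-builder attestation check, modelled on the reproducible-build idea.

Added illustration, not Bitcoin Core tooling. Assumption: each builder publishes
a mapping of artifact name -> SHA-256 hex digest of what they built, and the
signatures on those attestations have already been verified.
"""
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample artifacts standing in for real release binaries.
CLEAN_LINUX = b"bitcoin-x.y.z-x86_64-linux-gnu.tar.gz (constructed sample bytes)"
CLEAN_WIN = b"bitcoin-x.y.z-win64.zip (constructed sample bytes)"
# A tampered variant that one compromised or misconfigured builder might produce.
TAMPERED_WIN = CLEAN_WIN + b" + injected payload"

# Constructed attestations from three hypothetical builders (names are made up).
ATTESTATIONS = {
    "alice": {"linux": sha256_hex(CLEAN_LINUX), "win64": sha256_hex(CLEAN_WIN)},
    "bob":   {"linux": sha256_hex(CLEAN_LINUX), "win64": sha256_hex(CLEAN_WIN)},
    "carol": {"linux": sha256_hex(CLEAN_LINUX), "win64": sha256_hex(TAMPERED_WIN)},
}


def reproducible_digests(attestations, threshold):
    """Return (agreed, disputed).

    agreed:   artifact -> digest, only where every builder that reported the
              artifact produced the same digest and at least `threshold`
              builders reported it.
    disputed: artifact -> {digest: [builders]} for any artifact with
              disagreement, so a maintainer can see who diverged and release
              nothing for it.
    Artifacts reported by fewer than `threshold` builders appear in neither.
    """
    by_artifact = defaultdict(lambda: defaultdict(list))
    for builder, digests in attestations.items():
        for artifact, digest in digests.items():
            by_artifact[artifact][digest].append(builder)

    agreed, disputed = {}, {}
    for artifact, variants in by_artifact.items():
        if len(variants) > 1:
            # Any mismatch means the build was not reproduced; do not sign.
            disputed[artifact] = {d: sorted(b) for d, b in variants.items()}
            continue
        (digest, builders), = variants.items()
        if len(builders) >= threshold:
            agreed[artifact] = digest
    return agreed, disputed


def verify_download(artifact, data: bytes, agreed) -> bool:
    """True only if the artifact has an agreed digest and the bytes match it."""
    expected = agreed.get(artifact)
    return expected is not None and sha256_hex(data) == expected


if __name__ == "__main__":
    agreed, disputed = reproducible_digests(ATTESTATIONS, threshold=2)
    print("agreed:", agreed)
    print("disputed:", disputed)
    print("linux download ok:", verify_download("linux", CLEAN_LINUX, agreed))
    print("win64 download ok:", verify_download("win64", CLEAN_WIN, agreed))
```

Running the example, the Linux artifact is agreed by all three builders, while the Windows artifact is disputed because one builder's digest differs, so even the two matching copies are not treated as releasable: the point of the process is that a single divergence is a signal to investigate, not a vote to be outvoted.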
Finally, the hosts discuss Guix, a relatively new project that goes beyond the Gitian process by further reducing the level of trust required to turn source code into binaries, including trust in the compiler itself.