This discussion was created to discuss the procedure for releasing software versions and regulating the process of updating new versions. This set of procedures can be adapted for all types of software (core, gui, etc).
First I will describe the main problem:
Any new release can be fabricated by one member of the development team (first of all, account hacking is considered, and it is also not necessary to exclude the dishonesty of the participant or any other options). The main branches of the repositories are protected from injecting unsafe code with GitHub tools - any code changes must be reviewed by at least three team members. But this protection is not enough, because any participant can release binary files from any other branch, or release personally collected binary data.
For full protection, an additional source is required to store the signatures of binary data of any newly released version. Such a source can be the Bastyon blockchain network.
Here is a general outline of the software release process:
1. Implement and test all new functionality
2. Create a tag in a protected branch of the form vX.Y.Z
3. Publish a special post-release on the Bastyon network containing sha512 for the output binary data for the vX.Y.Z tag (The build process must be coordinated between the members of the development team)
4. After publishing a sufficient number of post-releases, a release should be created in GitHub containing binary data corresponding to the hash in the Bastyon network
5. Nodes, the Site and Bastyon Application must ensure that the sha512 binary files from GitHub and from post-releases in the blockchain are verified for the appropriate vX.Y.Z tag
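The verification in the last step of the outline, sketched as an added example that is not part of the original post or of any Bastyon code. The post-release record shape (`publisher`, `tag`, `sha512`), the trusted publisher set and the threshold of 3 are assumptions, and all sample data is constructed.

```python
import hashlib
import io

def sha512_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so large installers need not fit in memory."""
    h = hashlib.sha512()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def verify_release(stream, tag, post_releases, trusted, threshold):
    """Return (ok, matching_publishers) for one downloaded binary.

    A publisher counts once, and only if every hash it posted for this tag
    equals the digest of the binary, so repeated posts from one account
    cannot reach the threshold on their own.
    """
    digest = sha512_stream(stream)
    claims = {}
    for post in post_releases:
        if post["tag"] == tag and post["publisher"] in trusted:
            claims.setdefault(post["publisher"], set()).add(post["sha512"].lower())
    matching = sorted(p for p, hashes in claims.items() if hashes == {digest})
    return len(matching) >= threshold, matching

# Constructed sample data: not real Bastyon addresses, posts or binaries.
TAG = "vX.Y.Z"
TEAM_BUILD = b"constructed bytes of the binary built from the protected tag"
OTHER_BUILD = b"constructed bytes of a binary built from some other branch"
TRUSTED = {"dev-a", "dev-b", "dev-c", "dev-d"}
THRESHOLD = 3  # assumed value for "a sufficient number of post-releases"

def make_post(publisher, data, tag=TAG):
    return {"publisher": publisher, "tag": tag, "sha512": hashlib.sha512(data).hexdigest()}

POSTS = (
    [make_post(p, TEAM_BUILD) for p in ("dev-a", "dev-b", "dev-c")]
    + [make_post("dev-d", OTHER_BUILD)] * 3   # one account posting repeatedly
    + [make_post("outsider", OTHER_BUILD)]    # not a recognised publisher
)

if __name__ == "__main__":
    for name, data in (("team build", TEAM_BUILD), ("other build", OTHER_BUILD)):
        print(name, verify_release(io.BytesIO(data), TAG, POSTS, TRUSTED, THRESHOLD))
```

A client would call `verify_release` on the file downloaded from the GitHub release and refuse to install when the first element of the result is `False`.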