Remove python-bitcoinaddress dependency p.2 (issue #2867) #2886
Conversation
|
This is ready to be reviewed. This code for bitcoin address validation is written by Gavin Andresen (unlike the code used at https://pypi.python.org/pypi/python-bitcoinaddress), so it is tested and ported to multiple languages, and there is no reason not to trust it. If there is consensus to keep it as external dependency, I can make a package. |
|
That bitcoin module looks terrible, it doesn't follow PEP8 at all. |
|
@Changaco I intentionally left it consistent with original code, so that it is possible to compare it to original and ensure that it was not seriously messed with and modifications are visible. In this case application security is more important than consistency of application code style, and on module level consistency is preserved, which is also what PEP8 says: So it does follow PEP8 in this way. =) |
|
Good check would be to dump all bitcoin addresses from live db and run |
https://bitcointalk.org/index.php?topic=1026.0 This will remove dependency on python-bitcoinaddress-0.2.2.tar.gz package that conflicts with recent setuptools (issue gratipay#2867)
This function was provided by python-bitcoinaddress-0.2.2.tar.gz
This uncovers that not all invalid addresses are detected, which is also a problem with python-bitcoinaddress-0.2.2.tar.gz
This should fail the tests to be fixed in subsequent commit by switching to new utils/bitcoin.py
|
Rebased. |
|
@techtonik The purpose of this PR is to get the GPL out of our codebase, yes? |
|
"Reach license clarity" #2881 |
|
All current |
|
|
||
| Gratipay changes: | ||
|
|
||
| [x] Django field type made optional |
There was a problem hiding this comment.
Let's remove that code entirely instead of making it optional.
We should at least trim trailing whitespace. |
This isn't a bad idea. Surely there are others who want a non-GPL bitcoin library. I say +1 on this route ... then we can clean up the code. :-) |
|
@whit537, the primary purpose became to use approved and security checked code for bitcoin address validation. The secondary is to remove dependency that conflicts with new setuptools (and prevent Vagrant bootstrapping). Removing GPL dependency just adds to that. Cleaning up the code... |
Awesome. =) |
Why does
Ah, yes. Now I remember: #2327.
I'm right that we want to not use GPL code, right? We can't use GPL code without releasing our code as GPL, right? |
|
@techtonik The Travis error looks like the one we were seeing after #2899. Did you rebase on master while it was in an inconsistent state? |
It was copied from http://paddy3118.blogspot.nl/2012/11/some-identities-for-python-inttobytes.html and I don't know who is this guy, where this code was used, and if somebody from crypto experts reviewed it.
It is not that clear, but I am sure FSF wants people to think so. I know for sure that LGPL is 100% fine to use, AGPL is 100% not ok. GPL must be somewhere in the middle, but it is better avoid speculations and don't use it. |
Yes. It is now green though after the last commit. |
|
IRC re: GPL |
|
|
||
| """ | ||
| Bitcoin address validator by Gavin Andresen. | ||
| https://bitcointalk.org/index.php?topic=1026.0;all |
There was a problem hiding this comment.
Let's also reference this PR for convenience to document alterations:
What do you expect from an academic? ;-) It was written by Gavin Andresen, so while it might look terrible, I think we can have a high degree of trust in it (I believe that's what I hear @techtonik suggesting). |
Remove python-bitcoinaddress dependency p.2 (issue #2867)
Previous PR #2885 got accidentally merged, so this is a continuation.