EOS BIOS: Call for increased collaboration

in #eos3 years ago


We appreciate the feedback that has been brought up today in this recent article regarding the setup of the EOS BIOS Boot. We would like to take a moment to address it. We encourage and value any and all responsible disclosure of critical security issues.

As per the video titled "The Hooks" posted May 12, 2018, Alexandre clearly explained this is a setting that should be disabled, (or properly proxied if a Block Producer's infrastructure is built to securely manage this), before launch of the mainnet. As mentioned in the video at [4:14], we had left it open to allow for testing needs during this testing phase before launch. We had recommended that these should be disabled.

Following this feedback, this default configuration has been removed from the sample configurations we offered. Many Block Producers are reviewing the code and we highly appreciate that. We would like to re-state that every Block Producer is responsible for their infrastructure and that, as with any software, the default configuration might not be what you need for production environments. We are doing our best to share our  knowledge openly and strive to be an active contributor to an open and collaborative community.

EOS Canada is very committed to working alongside Block Producers from across the globe to reach a successful, efficient, and secure launch. We invite more Block Producers to participate in the orchestrated launch by reading through the eos-bios repository documentation and videos.

This afternoon's call was a great example of the antifragility of the EOS community, where the 20 Block Producers present agreed on the course of action to build a stronger and united launch over the coming days. This remarkable collaboration is directly aligned with our values and can only strengthen the global EOS ecosystem.


Thank you so much for taking initiative in launching EOS. Your hard work is appreciated!

EOS Canada is doing an amazing job at bringing all BP's all across many different timezones under one launch group. We actively promote this great initiative!

We also believe that every Block Producer is responsible to set up a highly available and secure infrastructure. To faciliate and provide guidance, EOS Asia, in collaboration with security groups SlowMist and Joinsec and Block Producer Candidate EOS Store, has released a BP infrastructure guideline: https://github.com/slowmist/eos-bp-nodes-security-checklist

great info , thanks for sharing!

amazing Thank you for this project eos-bios:)

You guys are doing great! Thanks for being active community members!