OpenBazaar is a Black Duck Open Source Rookie of the Year

Our team is excited to announce that the OpenBazaar project has been selected as one of Black Duck’s Open Source Rookies of the Year.

Each year, Black Duck names ten new open source projects as their Rookies of the Year. Former winners include Bootstrap, Ansible, Docker, Tox, and many other amazing projects. We’re honored to be acknowledged alongside such great projects as well as the other rookies this year.

We’d like to thank the community for their enthusiastic support of the project, as well as the dedicated group of volunteers who maintain the project.

2014 was a great beginning to the project, but 2015 will see OpenBazaar move out of beta and into a platform that can be used for free trade online, with Bitcoin, anywhere in the world. Let’s make trade free together.

OpenBazaar 2014 Rookie of the Year


OpenBazaar goes to FOSDEM

The OpenBazaar team is going to FOSDEM 2015 in Brussels, Belgium on January 31st and February 1st.


Several core members of the team and contributors are going to be there. We’re joining forces from all over the world:

So, come and say hello.

We’ll be giving a 20-minute lightning talk on Sunday afternoon. But most importantly, we’ll stick around and will be happy to demo OpenBazaar to you on Saturday and Sunday, answer your questions, talk about code, trade, law, anonymity, privacy, politics, and bitcoin, and discuss our vision for the future. Of course, we won’t be skipping the traditional FOSDEM beer either.

We’ll be happy to present our GPG keys to you so that you can verify their authenticity in person.

We’re very much looking forward to meeting you!

See you in Brussels!


Security incident: Developer impostor

We recently faced a minor security incident at the OpenBazaar GitHub repository.

By pretending to be a developer with contributor access who had lost access to his normal account, an attacker was able to briefly gain push access and make code changes that remained undetected for about one hour. The changes that the attacker made to the code were insignificant and were not related to security – they were mostly tests. Only the “develop” branch was affected, not the “master” branch. As our users run the “master” branch, we expect no users to be affected by this breach.

We reverted the code changes immediately and access rights were restored. We don’t expect anyone to be affected by this attack. As a response to the attack, we are in the process of developing more rigorous security policies which would require proper authentication for committer username changes. Our new policies will also include operational security requirements for existing developers. In coordination with GitHub, we have ensured that the accounts of the attacker have been appropriately banned.

As part of our transparency commitment to our users, we are publishing this security incident so that people are aware of our potential problems and solutions.

Our full incident response post-mortem report is made available for the community to read.
