15:49:21 <sgp_> we should have a meeting today to discuss the second BP+ audit
15:49:38 <sgp_> we have received 2 SoWs
15:52:51 <sgp_> https://github.com/monero-project/meta/issues/553
15:52:57 <sgp_> 2 SoWs are in the issue
17:00:59 <sgp_> Monero Research Lab meeting time
17:01:59 <sgp_> ping ArticMine sarang knaccc DeanWeen Isthmus SerHack vtnerd xmrscott
17:02:26 <sgp_> I know this wasn't scheduled much in advance, but we need to make a decision on BP+ today
17:02:36 <Isthmus> hey, I'm partially around
17:02:37 <sgp_> (ideally regarding the audit because we now have SoWs)
17:03:45 <sgp_> https://github.com/monero-project/meta/issues/553
17:03:55 <sgp_> first up, BP+ second audit
17:04:36 <sgp_> we have received 2 SoWs
17:05:04 <sgp_> TrailofBits may be submitting one, but it's been a few weeks and we don't have it yet. They are also not likely available in the short term
17:05:11 <sgp_> Quarkslab: https://github.com/monero-project/meta/files/6037184/PRO_Quarkslab_Monero_Bulletproof_RPS_security_assessment_public.pdf
17:05:19 <sgp_> JP: https://github.com/monero-project/meta/files/6037185/bpplus-review-sow.pdf
17:10:22 <sgp_> wow, silence lol
17:10:58 <SerHack> hey!
17:11:05 <sgp_> hey serhack :P
17:11:24 <sgp_> here's what's next for the audit to proceed
17:11:28 <sgp_> 1. we need to pick one
17:11:47 <DisBotXMR1> <glennhodl> im interested I just have no idea what's going on, so just observing
17:11:56 <sgp_> 2. I need to confirm with MAGIC that we can open a campaign for this (likely)
17:11:59 <SerHack> +1 for JP, I chatted for a while with him and he seems really expert, I wonder about deadline
17:12:16 <sgp_> JP says he is available within the next 1-2 weeks
17:12:26 <sgp_> we can have an audit report in 3 weeks
17:12:29 <gingeropolous> woof that quarkslab
17:12:31 <sgp_> from today
17:12:35 <SerHack> I see
17:13:09 <SerHack> and what about quarkslab?
17:13:16 <sgp_> I think Quarkslab is a good choice, but I have a lot of confidence in JP and think he is a great choice personally
17:13:53 <sgp_> JP is also <1/3 the cost
17:13:56 <gingeropolous> who / what is JP?
17:14:20 <sgp_> gingeropolous: https://www.aumasson.jp/
17:14:58 <sgp_> JP led this Monero bulletproofs audit https://research.kudelskisecurity.com/2018/07/23/audit-report-of-moneros-bulletproofs-integration/
17:15:40 <sgp_> JP also audited CLSAG https://ostif.org/wp-content/uploads/2020/07/ostif-clsag-audit-final-public.pdf
17:18:00 * xmrscott[m]1 attempts to slide into meeting quietly
17:19:45 <h4sh3d[m]> JP is a really good choice
17:20:16 <sgp_> imo, with his expertise and immediate availability, we jump on it
17:21:31 <sgp_> and we would do it through magic so we can send him a check in USD, and USD and XMR donations would be tax deductible
17:21:48 <gingeropolous> so that'll be 2 total audits so far?
17:21:59 <gingeropolous> if JP is selected?
17:22:02 <sgp_> the original plan was to do 2
17:22:21 <sgp_> yeah, JP's will build on the previous one which was quite extensive
17:24:10 <gingeropolous> ok. my general gut feeling is to not skimp on this, mainly because of all the "mOneRo prIntS iNfIniTe mOneY", but thats not really technical or scientifically based opinion.
17:24:21 <dEBRUYNE> I'd do JP, seems like a suitable candidate + availability
17:25:03 <sgp_> gingeropolous: I think a third is relatively excessive personally, but obviously security is important
17:25:41 <sgp_> first audit: https://suyash67.github.io/homepage/assets/pdfs/bulletproofs_plus_audit_report_v1.1.pdf
17:26:18 <gingeropolous> right. at what point is it just throwing money at a problem just because. i dunno.
17:28:08 <sgp_> is there anyone here that feels strongly that we need a third?
17:28:20 <gingeropolous> it's good that this is iterative though. can always assess after JP whether a third is warranted.
17:29:02 <sgp_> is there anyone against me opening the fundraising campaign for JP ASAP?
17:29:22 <h4sh3d[m]> I'd go for assessing after JP, if the time frame allows it
17:29:50 <h4sh3d[m]> but that's not something we want to rush anyway
17:32:18 <xmrscott[m]1> Sounds like no one is against then
17:32:32 <xmrscott[m]1> *against doing the JP campaign ASAP
17:33:06 <sgp_> okay, I will talk with MAGIC and open a fundraising campaign for JP's audit pending board approval
17:33:20 <sgp_> if MAGIC can't do it, I'll let you know ASAP and open a CCS
17:34:08 <Isthmus> Thanks for coordinating this
17:34:33 <sgp_> ty to sarang also for sitting on some of the auditor calls with me :)
17:34:48 <sgp_> is ArticMine here to talk about the block size / fee penalty?
17:36:51 <sgp_> any other MRL topics for this meeting?
17:46:19 <sgp_> okay, meeting adjourned then :)
18:24:31 <DisBotXMR1> <CrimsonKing> guys
18:24:47 <DisBotXMR1> <CrimsonKing> how much is such an audit expected to cost, and how many manhours are put into it ?
18:25:54 <sgp_> CrimsonKing: the one from JP is for $12500
18:26:12 <sgp_> the one from Quarkslab is $41,250
18:26:32 <DisBotXMR1> <CrimsonKing> appreciated.
20:20:52 <ttaynsgurpp> Remember kids. If you call project coral reef for what it is - fluffypony embezzling half a mil usd from the monero fund for a website with smaller adoption than monero woo plugin, you will get excommunicated. Why do you think charities need Teslas? They don't and Elon won't support Monero 150k will sure buy a lot of party time for those that actually do get it.