Drop the Submodule for Bitcoin core and commit license directly

[chrisguida]

Can you elaborate one what this means and why it is needed?

[MattDHill]

The only reason we are have the bitcoin submodule is to sync the license. Since Bitcoin's license isn't likely to ever change, this seems like a waste. We should just add an MIT license to the wrapper repo.

[chrisguida]

The license is updated every year to change the year: https://github.com/bitcoin/bitcoin/blob/master/COPYING

Are you saying we should copy this license file into the wrapper repo every year?

What's being wasted exactly? The submodule is merely a pointer to the upstream repo, takes up like 100 bytes. Also, the submodule points to a specific commit hash, which the Dockerfile does not do.

[MattDHill]

What does the commit hash have to do with this?

[chrisguida]

I'm saying that the submodule is useful. I'm arguing for keeping it.

[MattDHill]

Useful for what. We only use it for a license that is MIT forever

[MattDHill]

Wait now I'm not seeing the submodule link to v22 anymore. Maybe things look different on mobile?

[chrisguida]

It's there, but you're right, it's pointing to v22 xD

IMO we should just build from the git repo, that's what it's there for. Verifying all the PGP keys is sort of pointless and becoming harder to maintain.

CC @dr-bonez @kn0wmad

[chrisguida]

Useful for what. We only use it for a license that is MIT forever

I just told you. It's useful because it points to a specific git commit...

Though obviously since we're currently pointing at the wrong commit, we're not using it for this. But we should.

[MattDHill]

I don't understand why having the commit hash for the license is important

[chrisguida]

Having the commit hash for the code is important

[MattDHill]

I agree, but this ticket is about NOT using the submodule for the license under the assumption we are using bitcoin.org for the code.

[chrisguida]

Right, and i'm arguing that, instead of implementing this ticket, we should instead switch away from building from bitcoin.org and build from the submodule instead. This is much more auditable and easy to maintain IMO. It's how we do it in pretty much all our other packages.

[MattDHill]

IDK @dr-bonez said he preferred it this way

[dr-bonez]

Who maintains the mirror on github for bitcoin core?

[dr-bonez]

Or is it the official repo?

[chrisguida]

Github is where all the dev happens... bitcoin.org is where the binaries are hosted. It makes sense to verify the keys when you're just installing a binary, but we're building from source, from the official repo. Let's just actually use the repo.