You are viewing a single comment's thread from:

RE: Did We Learn Any Lessons From HF20?

in #steem6 years ago

...this approach of many changes together looks a lot like the way governments ram through masses of changes...

I've made this exact comparison in the past. It's a really crappy way to push needed changes through that actually have super-majority consensus, not only among witnesses, but within the larger community as well.

Yours is the only post from a witness I have EVER seen (other than mine) proposing to use top 20 funds to pay for professional testing.

Unless we are well-versed and experienced with C++ and auditing code, I think hiring someone to do that job is the most responsible thing to do when collecting large sums of money to perform duties as a top witness. Anything short of that would be borderline reckless, in my opinion. How can you justify accepting protocol changes for a blockchain valued in the hundreds of millions of dollars, with hundreds/thousands of large investors, if you haven't bothered to have those protocols professionally audited and tested?

Going forward, I think more professional audits and testing is really the only way to proceed. If it can't be done before the official implementation dates, then the hard forks ought to be rejected. In light of recent events, that's the only reasonable path.

Sort:  

Yes, I agree. I actually am experienced in C++ and testing, so I know something of the complexity and size of the task (though I wouldn't know all the details without going more deeply into it all). Co-ordination goes a LONG way when it comes to testing complex systems and I really think we need to have a witness testing channel in chat as a minimum. That in itself would help expose what is and is not occurring.

I worked out earlier (after getting the maths wrong the first time around) that top 20 witnesses currently receive in the region of about $90k per year. Paying others to do professional audits would take a sizeable chunk of that - but if they all split the cost it would be doable. This then comes back to the issue of potentially redirecting some of the witness budget towards tasks such as this but then we have the politics of who gets the job and so the complexities of getting so many individuals to work together in a coherent way just spiral on. I suppose a way of rewarding code changes and bug hunting would go a long way towards helping but @utopian-io doesn't even currently have Steem whitelisted, for reasons I don't understand. :/

It is of note that witnesses could also choose to hire an organization to audit the code together. It's not necessarily required that witnesses all hire their own programmers to audit the code.