Good thing no one is proposing a naive BIP 9 approach :). I'll note that BIP 9 has been fairly robust (spy-mining issues notwithstanding, which we believe are at least largely solved in the wild) in terms of safety, though I noted extensively in the first mail that it failed in terms of misunderstanding the activation parameters. I think the above proposal largely solves that, and I don't see much in the way of arguing that point from you, here.
As an aside, BIP 9 is also the Devil We Know, which carries a lot of value, since we've found (and addressed) direct issues with it, whereas all other activation methods we have ~0 experience with in the modern Bitcoin network. On 1/10/20 11:37 PM, Luke Dashjr wrote: > I think BIP 9 is a proven failure, and flag day softforks have their own > problems: > > A) There is no way to unambiguously say "the rules for this chain are > <x,y,z>". It leaves the chain in a kind of "quantum state" where the rules > could be one thing, or could be another. Until the new rules are violated, we > do not know if the softfork was a success or not. Because of this, people > will rightly shy away from relying on the new rules. This problem is made > worse by the fact that common node policies might not produce blocks which > violate the rules. If we had gone with BIP149 for Segwit, it is IMO probable > we would still not have a clear answer today to "Is Segwit active or not?" > > B) Because of (A), there is also no clear way to intentionally reject the > softfork. Those who do not consent to it are effectively compelled to accept > it anyway. While it is usually possible to craft an opposing softfork, this > should IMO be well-defined and simple to do (including a plan to do so in any > BIP9-alike spec). > > For these reasons, in 2017, I proposed revising BIP 8 with a mandatory > signal, > similar to how BIP148 worked: https://github.com/bitcoin/bips/pull/550 > However, the author of BIP 8 has since vanished, and because we had no > immediate softfork plans, efforts to move this forward were abandoned > temporarily. It seems like a good time to resume this work. > > In regard to your goal #3, I would like to note that after the mandatory > signal period, old miners could resume mining unchanged. This means there is > a temporary loss of hashrate to the network, but I think it is overall better > than the alternatives. The temporary loss of income from invalid blocks will > also give affected miners a last push to upgrade, hopefully improving the > long run security of the network hashrate. > > Luke > > (P.S. As for your #1, I do think it is oversimplified in some cases, but we > should leave that for later discussion when it actually becomes relevant.) _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
