Due to the uneven reputation factor of various devs, and uneven review attention for new pull requests, this exercise would work best as a secret sortition.
Sortition would encourage everyone to always be on their toes rather than only when dealing with new github accounts or declared Red Team devs. The ceremonial aspects would encourage more devs to participate without harming their reputation. https://en.wikipedia.org/wiki/Sortition https://en.wikipedia.org/wiki/Red_team The scheme should include public precommitments collected at ceremonial intervals. where: hash1 /* sortition ticket */ = double-sha256(secret) hash2 /* public precommitment */ = double-sha256(hash1) The random oracle could be block hashes. They could be matched to hash1, the sortition ticket. A red-team-concurrency difficulty parameter could control how many least-significant bits must match to be secretly selected. The difficulty parameter could be a matter of group consensus at the ceremonial intervals, based on a group decision on how much positive effect the Red Team exercise is providing. Upon assignment, the dev would have community approval to opportunistically insert a security flaw; which, when either caught, merged, or on timeout, they would reveal along with the sortition ticket that hashes to their public precommitment. Sortition Precommitment Day might be once or twice a year. _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev