Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 68A6BC000A for ; Wed, 7 Apr 2021 13:42:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 428EF848CD for ; Wed, 7 Apr 2021 13:42:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cn1E6acb1wE5 for ; Wed, 7 Apr 2021 13:42:14 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by smtp1.osuosl.org (Postfix) with ESMTPS id 1DBA7848BB for ; Wed, 7 Apr 2021 13:42:14 +0000 (UTC) Received: by mail-ed1-x529.google.com with SMTP id k8so13500879edn.6 for ; Wed, 07 Apr 2021 06:42:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=G4jy6snWEvWF1hEyDLALdZtsp1vb2dpKfvfhz2W3UIk=; b=j/50RMJC8yNOCLKK8aQ7SGwYnIsTICbrQSCD6wkeIPSJgKq6tm1fcJEGGsOMhCax5J Qvp2ycNj3kpASX74OJfOJduPfPVM9nDa2stYfhzEa6DM8lZw25FuLgv6KwVZUdb0m2J7 ++z0KiBHoQ+Jb9Hdu1wN+T5N7k17Ez0q7H3RIwlvyu50xPe6YNaalPTS0/Pi5D1NAso1 X5qStzvZOO2DmyR4H1lWs+4Kdfe1Qzf1on005cozlHURB8Td/CzMAuFsgNoNy1VR31MQ +cMUUZ+LnJN8ijRRa1LtFKECS+0ZH1EJN9aiSuRLwhCZtU+UPwVb8bHNum9LPXgd0qGa SjpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=G4jy6snWEvWF1hEyDLALdZtsp1vb2dpKfvfhz2W3UIk=; b=Z8z/BtJsY4j2Duc8X7NZi2auo6hcIldRaI96OTfR/3m7kHvizNtWBTVN/YgUlQl72L dtfpsHNtrpP+dFjMRDsv/XE5bdDprECCue3xtf4KPVJXg+tA9FBb5EyG3VRixVjh+axm skUjTS3tDHFCSmHOvxTpoXFsXDYYahy3AwMJWSEj0A6+ZNVGVXlYeqfyVPjyYEoIju8H 6yl8hYXZoQu+90GR9RlJ/gGwC3IUcbN3RnfkBvLzSJq0Qn915ZEmjw1KojcuekkiS8Fk iqbll5cW738qtftJlapcQmYb4cxbafReMc5l40u2gVOS/d/RfTTseDxwhyV/b+R/5sPH UcHw== X-Gm-Message-State: AOAM533cIByICg1czh4e8QhCMr618kdL2viPDue+/NtHnvpmIiKWdEod sb3xGYKCLrEp8lJ5Toc89IyOoRHGQp2/ndCfIjs5GjzH X-Google-Smtp-Source: ABdhPJykfq1vyDtKOkknyQIMAUI+4BBlUXKPJ0LVPaVaNqOnGOnMY+O6ddtm8e8lD93DCHPS4KujyzuEf7Fs5/ODAmo= X-Received: by 2002:a05:6402:c:: with SMTP id d12mr4500962edu.100.1617802932323; Wed, 07 Apr 2021 06:42:12 -0700 (PDT) MIME-Version: 1.0 References: <874kgkkpji.fsf@rustcorp.com.au> <87pmz6it7q.fsf@rustcorp.com.au> In-Reply-To: <87pmz6it7q.fsf@rustcorp.com.au> From: Claus Ehrenberg Date: Wed, 7 Apr 2021 15:42:01 +0200 Message-ID: To: Rusty Russell , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000190ab805bf6219d8" X-Mailman-Approved-At: Wed, 07 Apr 2021 15:20:31 +0000 Subject: Re: [bitcoin-dev] March 23rd 2021 Taproot Activation Meeting Notes X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Apr 2021 13:42:16 -0000 --000000000000190ab805bf6219d8 Content-Type: text/plain; charset="UTF-8" As a user, I think it's very important for me to know if Taproot is eventually coming or not. So why not make it so that if _either_ miners _or_ users decide for Taproot, it will activate no matter what. Accepting a chain split is imo the fairest way to 'resolve the conflict' (it can't be resolved anyway). That would probably mean running ST and and UASF concurrently. The upside would be that we've got a safe date for Taproot, except neither users nor miners want it. Cheers, Claus On Wed, Apr 7, 2021 at 7:02 AM Rusty Russell via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Ryan Grant writes: > > On Tue, Apr 6, 2021 at 11:58 PM Rusty Russell via bitcoin-dev > > wrote: > >> The core question always was: what do we do if miners fail to activate? > >> > >> [...] Speedy Trial takes the approach that "let's pretend we didn't > >> *actually* ask [miners]". > > > > What ST is saying is that a strategy of avoiding unnecessary risk is > > stronger than a strategy of brinkmanship when brinkmanship wasn't > > our only option. Having deescalation in the strategy toolkit makes > > Bitcoin stronger. > > I don't believe that having a plan is brinkmanship or an escalation. > > During the segwit debate, Pieter Wuille said that users should decide. > I've been thinking about that a lot, especially about what that means in > a practical sense where the normal developer / miner dynamic has failed. > > >> It's totally a political approach, to avoid facing the awkward question. > >> Since I believe that such prevaricating makes a future crisis less > >> predictable, I am forced to conclude that it makes bitcoin less robust. > > > > LOT=true does face the awkward question, but there are downsides: > > > > - in the requirement to drop blocks from apathetic miners (although > > as Luke-Jr pointed out in a previous reply on this list they have > > no contract under which to raise a complaint); and > > Surely, yes. If the users of bitcoin decide blocks are invalid, they're > invalid. With a year's warning, and developer and user consensus > against them, I think we've reached the limits of acceptable miner > apathy. > > > - in the risk of a chain split, should gauging economic majority > > support - which there is zero intrinsic tooling for - go poorly. > > Agreed that we should definitely do better here: in practice people > would rely on third party explorers for information on the other side of > the split. Tracking the cumulative work on invalid chains would be a > good idea for bitcoind in general (AJ suggested this, IIRC). > > >> Personally, I think the compromise position is using LOT=false and > >> having those such as Luke and myself continue working on a LOT=true > >> branch for future consideration. It's less than optimal, but I > >> appreciate that people want Taproot activated more than they want > >> the groundwork future upgrades. > > > > Another way of viewing the current situation is that should > > brinkmanship be necessary, then better tooling to resolve a situation > > that requires brinkmanship will be invaluable. But: > > > > - we do not need to normalize brinkmanship; > > > > - designing brinkmanship tooling well before the next crisis does > > not require selecting conveniently completed host features to > > strap the tooling onto for testing; and > > Again, openly creating a contingency plan is not brinkmanship, it's > normal. I know that considering these scenarios is uncomfortable; I > avoid conflict myself! But I feel obliged to face this as a real > possibility. > > I think we should be normalizing the understanding that bitcoin users > are the ultimate decider. By offering *all* of them the tools to do so > we show this isn't lip-service, but something that businesses and > everyone else in the ecosystem should consider. > > > - it's already the case that a UASF branch can be prepared along > > with ST (ie. without requiring LOT=false), although the code is a > > bit more complex and the appropriate stopheight a few blocks later. > > I don't believe this is true, unless you UASF before ST expires? ST is > explicitly designed *not* to give time to conclude that miners are > stalling (unless something has changed from the initial 3 month > proposal?). > > > Although your NACK is well explained, for the reasons above I am > > prepared to run code that overrides it. > > Good. In the end, we're all at the whim of the economic majority. > > Cheers! > Rusty. > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --000000000000190ab805bf6219d8 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
As a user, I think it's very important for me to know = if Taproot is eventually coming or not. So why not make it so that if _eith= er_ miners _or_ users decide for Taproot, it will activate no matter what. = Accepting a chain split is imo the fairest way to 'resolve the conflict= ' (it can't be resolved anyway).

That would prob= ably mean running ST and and UASF concurrently.

The = upside would be that we've got a safe date for Taproot, except neither = users nor miners want it.

Cheers,
Claus<= /div>

On Wed, Apr 7, 2021 at 7:02 AM Rusty Russell via bitcoin-dev <= ;bitcoin-dev@lists= .linuxfoundation.org> wrote:
Ryan Grant <bitcoin-dev@rgrant.org> writes:
> On Tue, Apr 6, 2021 at 11:58 PM Rusty Russell via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> The core question always was: what do we do if miners fail to acti= vate?
>>
>> [...]=C2=A0 Speedy Trial takes the approach that "let's p= retend we didn't
>> *actually* ask [miners]".
>
> What ST is saying is that a strategy of avoiding unnecessary risk is > stronger than a strategy of brinkmanship when brinkmanship wasn't<= br> > our only option.=C2=A0 Having deescalation in the strategy toolkit mak= es
> Bitcoin stronger.

I don't believe that having a plan is brinkmanship or an escalation.
During the segwit debate, Pieter Wuille said that users should decide.
I've been thinking about that a lot, especially about what that means i= n
a practical sense where the normal developer / miner dynamic has failed.
>> It's totally a political approach, to avoid facing the awkward= question.
>> Since I believe that such prevaricating makes a future crisis less=
>> predictable, I am forced to conclude that it makes bitcoin less ro= bust.
>
> LOT=3Dtrue does face the awkward question, but there are downsides: >
>=C2=A0 =C2=A0- in the requirement to drop blocks from apathetic miners = (although
>=C2=A0 =C2=A0 =C2=A0as Luke-Jr pointed out in a previous reply on this = list they have
>=C2=A0 =C2=A0 =C2=A0no contract under which to raise a complaint); and<= br>
Surely, yes.=C2=A0 If the users of bitcoin decide blocks are invalid, they&= #39;re
invalid.=C2=A0 With a year's warning, and developer and user consensus<= br> against them, I think we've reached the limits of acceptable miner
apathy.

>=C2=A0 =C2=A0- in the risk of a chain split, should gauging economic ma= jority
>=C2=A0 =C2=A0 =C2=A0support - which there is zero intrinsic tooling for= - go poorly.

Agreed that we should definitely do better here: in practice people
would rely on third party explorers for information on the other side of the split.=C2=A0 Tracking the cumulative work on invalid chains would be a<= br> good idea for bitcoind in general (AJ suggested this, IIRC).

>> Personally, I think the compromise position is using LOT=3Dfalse a= nd
>> having those such as Luke and myself continue working on a LOT=3Dt= rue
>> branch for future consideration.=C2=A0 It's less than optimal,= but I
>> appreciate that people want Taproot activated more than they want<= br> >> the groundwork future upgrades.
>
> Another way of viewing the current situation is that should
> brinkmanship be necessary, then better tooling to resolve a situation<= br> > that requires brinkmanship will be invaluable.=C2=A0 But:
>
>=C2=A0 =C2=A0- we do not need to normalize brinkmanship;
>
>=C2=A0 =C2=A0- designing brinkmanship tooling well before the next cris= is does
>=C2=A0 =C2=A0 =C2=A0not require selecting conveniently completed host f= eatures to
>=C2=A0 =C2=A0 =C2=A0strap the tooling onto for testing; and

Again, openly creating a contingency plan is not brinkmanship, it's
normal.=C2=A0 I know that considering these scenarios is uncomfortable; I avoid conflict myself!=C2=A0 But I feel obliged to face this as a real
possibility.

I think we should be normalizing the understanding that bitcoin users
are the ultimate decider.=C2=A0 By offering *all* of them the tools to do s= o
we show this isn't lip-service, but something that businesses and
everyone else in the ecosystem should consider.

>=C2=A0 =C2=A0- it's already the case that a UASF branch can be prep= ared along
>=C2=A0 =C2=A0 =C2=A0with ST (ie. without requiring LOT=3Dfalse), althou= gh the code is a
>=C2=A0 =C2=A0 =C2=A0bit more complex and the appropriate stopheight a f= ew blocks later.

I don't believe this is true, unless you UASF before ST expires?=C2=A0 = ST is
explicitly designed *not* to give time to conclude that miners are
stalling (unless something has changed from the initial 3 month
proposal?).

> Although your NACK is well explained, for the reasons above I am
> prepared to run code that overrides it.

Good.=C2=A0 In the end, we're all at the whim of the economic majority.=

Cheers!
Rusty.
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--000000000000190ab805bf6219d8--