Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.217.175 as permitted sender)
	client-ip=209.85.217.175; envelope-from=pieter.wuille@gmail.com;
	helo=mail-lb0-f175.google.com; 
MIME-Version: 1.0
In-Reply-To: <20150618111407.GA6690@amethyst.visucore.com>
References: <55828737.6000007@riseup.net>
	<CANEZrP3M7+BsZKLFZV-0A_fC7NmMGbTDxsx3ywru3dSW78ZskQ@mail.gmail.com>
	<20150618111407.GA6690@amethyst.visucore.com>
Date: Thu, 18 Jun 2015 14:29:42 +0200
Message-ID: <CAPg+sBj_go==m6-++sA53imYdz4OLH4bkyiuAyEM8YR8CaTd=w@mail.gmail.com>
From: Pieter Wuille <pieter.wuille@gmail.com>
To: "Wladimir J. van der Laan" <laanwj@gmail.com>
Content-Type: multipart/alternative; boundary=089e0160b7be3c6df70518c9f696
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Concerns Regarding Threats by a Developer
 to Remove Commit Access from Other Developers
Precedence: list

--089e0160b7be3c6df70518c9f696
Content-Type: text/plain; charset=UTF-8

On Thu, Jun 18, 2015 at 1:14 PM, Wladimir J. van der Laan <laanwj@gmail.com>
wrote:

> Like in any open source project there is lots of decision making ability
> for code changes. I'd say look at the changelog for e.g. 0.11
> https://github.com/bitcoin/bitcoin/blob/0.11/doc/release-notes.md#0110-change-log,
> or follow pull requests for a while, to see how many decisions about
> changes are made from day to day. No, I'm not sitting on my hands, and so
> is none of the other contributors that you'd like to get rid of.
>

The analogy goes further even. Even though I disagree with some of the
changes you're making, I respect Mike's (and anyone's) right to make a fork
of Bitcoin Core. That's how open source works: if people disagree with
changes made or not made, they can maintain their own version. However:


> Consensus changes are *much* more difficult, on the other hand. Even
> relatively straightforward softforks come with a long discussion process
> (see BIP62, BIP66). A hardfork is hard to do at the best of times (everyone
> needs to upgrade their software!), and simply not possible if almost the
> entire technical community disagrees with you.
>

Consensus changes - in particular hardforks - are not about making a change
to the software. You are effectively asking users of the system to migrate
to a new system. Perhaps one which is a philosophical successor to the old
one, but a different system, with new rules that are incompatible with the
old one.

I believe this is something that can only be done if there is no
controversy about the change, for different reasons:

* Risk: no matter how you determine the switchover date, there is no way of
knowing when (and whether at all) everyone changes their full nodes (and
perhaps other software), and even very high hash power votes cannot prevent
an actual fork from appearing afterwards. At best, people lose the
guarantee that their confirmations are meaningful (because at some point it
becomes clear that the other side will get adopted, and they need to
switch). At worst, a fork persists, and two partitions appear, in each of
which you can spend every pre-existing coin. This defeats the primary
purpose Bitcoin was designed for: double spend protection.

* Philosophy: Bitcoin is not a democracy. The full node security model is
designed to minimize trust in other parties in the system. This works by
validating as much as possible according to the consensus rules. In
particular, there is no "majority vote" that can override things (contrary
to what some people think, it is not "longest chain wins, and a majority of
miners decide"; even a majority of miners cannot steal your coins or
produce more than the allowed subsidy, unless they convince others to
change their software). Changing the rules should be possible if there is
wide consensus, but nobody should feel forced to change their code against
their will.

* Governance: being able to push for a controversial change to the system
sets an incredibly dangerous precedent about who is in charge of the
system's rules. What if next time it is a change demanded by parties with
less good intentions (and yes, I believe people in this discussions all
have good intentions to improve the system in a way they think is most
useful)? I can promise you that I will say anything in mail to this list if
someone points a gun at me, and I think you should make the same assumption
about other people here. By avoiding controversial changes, you avoid
external and potentially invisible manipulation.

Of course, sometimes changes to the consensus rules may be wanted. The
presence of a bug is a good reason, and widespread agreement about one of
the system's limitation is too. As I said before, I think technological
growth in network bandwidth, processing power, and storage, are a good
reason why the system should be able to scale proportionally. I think there
are good technical and economic reasons why we should be cautious about
this, but the primary requirement is consensus, and aligning people's
expectation about what they can expect from network's evolution.

-- 
Pieter

--089e0160b7be3c6df70518c9f696
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">On Thu, Jun 18, 2015 at 1:14 PM, Wladimir J. van der Laan =
<span dir=3D"ltr">&lt;<a href=3D"mailto:laanwj@gmail.com" target=3D"_blank"=
>laanwj@gmail.com</a>&gt;</span> wrote:<br><div class=3D"gmail_extra"><div =
class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0 0=
 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Like in any open sourc=
e project there is lots of decision making ability for code changes. I&#39;=
d say look at the changelog for e.g. 0.11 <a href=3D"https://github.com/bit=
coin/bitcoin/blob/0.11/doc/release-notes.md#0110-change-log" rel=3D"norefer=
rer" target=3D"_blank">https://github.com/bitcoin/bitcoin/blob/0.11/doc/rel=
ease-notes.md#0110-change-log</a>, or follow pull requests for a while, to =
see how many decisions about changes are made from day to day. No, I&#39;m =
not sitting on my hands, and so is none of the other contributors that you&=
#39;d like to get rid of.<br></blockquote><div><br></div><div>The analogy g=
oes further even. Even though I disagree with some of the changes you&#39;r=
e making, I respect Mike&#39;s (and anyone&#39;s) right to make a fork of B=
itcoin Core. That&#39;s how open source works: if people disagree with chan=
ges made or not made, they can maintain their own version. However:<br></di=
v><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Consensus changes are *much* more difficult, on the other hand. Even relati=
vely straightforward softforks come with a long discussion process (see BIP=
62, BIP66). A hardfork is hard to do at the best of times (everyone needs t=
o upgrade their software!), and simply not possible if almost the entire te=
chnical community disagrees with you.<br></blockquote><div><br></div><div>C=
onsensus changes - in particular hardforks - are not about making a change =
to the software. You are effectively asking users of the system to migrate =
to a new system. Perhaps one which is a philosophical successor to the old =
one, but a different system, with new rules that are incompatible with the =
old one.<br><br></div><div>I believe this is something that can only be don=
e if there is no controversy about the change, for different reasons:<br></=
div><div><br>* Risk: no matter how you determine the switchover date, there=
 is no way of knowing when (and whether at all) everyone changes their full=
 nodes (and perhaps other software), and even very high hash power votes ca=
nnot prevent an actual fork from appearing afterwards. At best, people lose=
 the guarantee that their confirmations are meaningful (because at some poi=
nt it becomes clear that the other side will get adopted, and they need to =
switch). At worst, a fork persists, and two partitions appear, in each of w=
hich you can spend every pre-existing coin. This defeats the primary purpos=
e Bitcoin was designed for: double spend protection.<br><br></div><div>* Ph=
ilosophy: Bitcoin is not a democracy. The full node security model is desig=
ned to minimize trust in other parties in the system. This works by validat=
ing as much as possible according to the consensus rules. In particular, th=
ere is no &quot;majority vote&quot; that can override things (contrary to w=
hat some people think, it is not &quot;longest chain wins, and a majority o=
f miners decide&quot;; even a majority of miners cannot steal your coins or=
 produce more than the allowed subsidy, unless they convince others to chan=
ge their software). Changing the rules should be possible if there is wide =
consensus, but nobody should feel forced to change their code against their=
 will.<br><br></div><div>* Governance: being able to push for a controversi=
al change to the system sets an incredibly dangerous precedent about who is=
 in charge of the system&#39;s rules. What if next time it is a change dema=
nded by parties with less good intentions (and yes, I believe people in thi=
s discussions all have good intentions to improve the system in a way they =
think is most useful)? I can promise you that I will say anything in mail t=
o this list if someone points a gun at me, and I think you should make the =
same assumption about other people here. By avoiding controversial changes,=
 you avoid external and potentially invisible manipulation.<br><br></div><d=
iv>Of course, sometimes changes to the consensus rules may be wanted. The p=
resence of a bug is a good reason, and widespread agreement about one of th=
e system&#39;s limitation is too. As I said before, I think technological g=
rowth in network bandwidth, processing power, and storage, are a good reaso=
n why the system should be able to scale proportionally. I think there are =
good technical and economic reasons why we should be cautious about this, b=
ut the primary requirement is consensus, and aligning people&#39;s expectat=
ion about what they can expect from network&#39;s evolution.<br><br>-- <br>=
</div><div>Pieter<br><br></div></div></div></div>

--089e0160b7be3c6df70518c9f696--