📅 Original date posted:2020-01-14
📝 Original message:In general, your thoughts on the theory of how consensus changes should
work I strongly agree with. However, my one significant disagreement is
how practical it is for things to *actually* work that way. While I wish
ecosystem players (both businesses and users) spent their time
interacting with the Bitcoin development community enough that they had
a deep understanding of upcoming protocol change designs, it just isn't
realistic to expect that. Thus, having an "out" to avoid activation
after a release has been cut with fork activation logic is quite a
compelling requirement.
Thus, part of the goal here is that we ensure we have that "out", and
can observe the response of the ecosystem once the change is "staring
them in the face", as it were. A BIP 9 process is here not only to offer
a compelling activation path, but *also* to allow for observation and
discussion time for any lingering minor objections prior to a BIP 8/flag
day activation.
As for a "mandatory signaling period" as a part of BIP 8, I find this
idea strange both in that it flies in the face of all recent soft fork
design work, and because it doesn't actually accomplish its stated goal.
Recent soft-fork design has all been about how to design something with
minimal ecosystem impact. Certainly in the 95% activation case I can't
say I feel strongly, but if you actually *hit* the BIP 8 flag day,
deliberately causing significant network forks for old clients has the
potential to cause real ecosystem risk. While part of the reason for a
24-month time horizon between BIP 8 decision and flag-day activation
endeavors to de-risk the chance that major players are running on
un-upgraded nodes, you cannot ignore the reality of them, both full-,
and SPV-clients.
On the other hand, in practice, we've seen that version bits are set on
the pool side, and not on the node side, meaning the goal of ensuring
miners have upgraded isn't really accomplished in practice, you just end
up forking the chain for no gain.
Matt
On 1/11/20 2:42 PM, Anthony Towns wrote:
> On Fri, Jan 10, 2020 at 09:30:09PM +0000, Matt Corallo via bitcoin-dev wrote:
>> 1) a standard BIP 9 deployment with a one-year time horizon for
>> activation with 95% miner readiness,
>> 2) in the case that no activation occurs within a year, a six month
>> quieting period during which the community can analyze and discussion
>> the reasons for no activation and,
>> 3) in the case that it makes sense, a simple command-line/bitcoin.conf
>> parameter which was supported since the original deployment release
>> would enable users to opt into a BIP 8 deployment with a 24-month
>> time-horizon for flag-day activation (as well as a new Bitcoin Core
>> release enabling the flag universally).
>
> FWIW etc, but my perspective on this is that the way we want consensus
> changes in Bitcoin to work is:
>
> - decentralised: we want everyone to be able to participate, in
> designing/promoting/reviewing changes, without decision making
> power getting centralised amongst one group or another
>
> - technical: we want changes to be judged on their objective technical
> merits; politics and animal spirits and the like are fine, especially
> for working out what to prioritise, but they shouldn't be part of the
> final yes/no decision on consensus changes
>
> - improvements: changes might not make everyone better off, but we
> don't want changes to screw anyone over either -- pareto
> improvements in economics, "first, do no harm", etc. (if we get this
> right, there's no need to make compromises and bundle multiple
> flawed proposals so that everyone's an equal mix of happy and
> miserable)
>
> In particular, we don't want to misalign skills and responsibilities: it's
> fine for developers to judge if a proposal has bugs or technical problems,
> but we don't want want developers to have to decide if a proposal is
> "sufficiently popular" or "economically sound" and the like, for instance.
> Likewise we don't want to have miners or pool operators have to take
> responsibility for managing the whole economy, rather than just keeping
> their systems running.
>
> So the way I hope this will work out is:
>
> - investors, industry, people in general work out priorities for what's
> valuable to work on; this is an economic/policy/subjective question,
> that everyone can participate in, and everyone can act on --
> either directly if they're developers who can work on proposals and
> implementations directly, or indirectly by persuading or paying other
> people to work on whatever's important
>
> - developers work on proposals, designing and implementing them to make
> (some subset of) bitcoin users better off, and to not make anyone worse
> off.
>
> - if someone discovers a good technical reason why a proposal does make
> people worse off, we don't try to keep pushing the proposal over the
> top of objections, but go back to the drawing board and try to fix
> the problems
>
> - once we've done as much development as we can, including setting up
> experimental testnet/signet style deployments for testing, we setup a
> deployment. the idea at this point is to make sure the live network
> upgrade works, and to retain the ability to abort if last minute
> problems come up. no doubt some review and testing will be left until
> the last minute and only done here, but *ideally* the focus should be
> on catching errors *well before* this point.
>
> - as a result, the activation strategy mostly needs to be about ensuring
> that the Bitcoin network stays in consensus, rather than checking
> popularity or voting -- the yes/no decisions should have mostly been
> made earlier already. so we have two strategies for locking in the
> upgrade: either 95%+ of hashpower signals that they've upgraded to
> software that will enforce the changes forever more, _or_ after a
> year of trying to deploy, we fail to find any technical problems,
> and then allow an additional 2.5 years to ensure all node software is
> upgraded to enforce the new rules before locking them in.
>
> The strategy behind the last point is that we need to establish that
> there's consensus amongst all of Bitcoin before we commit to a flag day,
> and if we've found some method to establish consensus on that, then we're
> done -- we've already got consensus, we don't need to put a blockchain
> protocol on top of that and signal that we've got consensus. (Activating
> via hashpower still needs signalling, because we need to coordinate on
> *when* sufficient hashpower has upgraded)
>
> This approach is obviously compatible with BIP-148 or BIP-91 style
> forced-signalling UASFs if some upgrade does need to be done urgently
> despite miner opposition; the forced signalling just needs to occur during
> the BIP-9 or BIP-8 phases, and no during the "quiet period". Probably the
> first period of BIP-8 after the quiet period would make the most sense.
>
> But without that, this approach seems very friendly for miners: even
> if they don't upgrade, they won't mine invalid blocks (unless the rules
> activate and someone else deliberately mines an invalid block and they
> build on top of it), and if a change is incompatible with, say 10%
> of hashpower, it won't be forced on them for 3.5 years, by which point
> it's probably a good bet that everyone's upgrading to a new generation
> of mining hardware anyway. But even that's a backstop, because if a
> change *is* incompatible with existing mining hardware, that's an easily
> describable technical problem that should mean we go back to the drawing
> board and fix it, not deploy the change despite the problems. [0]
>
> On Fri, Jan 10, 2020 at 11:21:51PM +0100, Jorge Timón via bitcoin-dev wrote:
>> Regarding bip8-like activation, luke-jr suggested that [..] a
>> consensus rule could require the blocks to signal for activation in
>> the last activation window.
>
> FWIW, that had been my (strong) preference too, but I think I'm now
> convinced it's not needed/useful.
>
>> I see 2 main advantages for this:
>> 1) Outdated nodes can implement warnings (like in bip9) and they can
>> see those warnings even if it's activated in the last activation
>> window.
>
> The 3.5 year window from BIP-9-starttime to BIP-8-flagday means you'd
> have to be using *very* out of date software to need to autodetect
> unknown upgrades. If an upgrade starts on 2021-01-01 say, it'd be
> supported by 0.21.x, 0.22.0, and 0.23.0 (with bip8 as an opt-in) and
> 0.24.0, 0.25.0, 0.26.0, 0.27.0, and 0.28.0 (with bip8 as always on)
> before flag day activation on 2024-06-01.
>
> 0.21.x to 0.23.x could warn if they see potential early BIP-8 activation
> via versionbits, and also warn if the flag day date is seen saying "flag
> day activation may have happened, please check external sources and
> consider upgrading your node software".
>
> So you'd need to be running 0.20.x, released 4 years prior to the
> activation to be outdated enough to not get warnings, I think.
>
>> 2) It is easier for users to actively resist a given change they
>> oppose. Instead of requiring signaling, their nodes can be set to
>> ignore chains that activate it. This will result in a fork, but if
>> different groups of users want different things, this is arguably the
>> best behaviour: a "clean" split.
>
> If you're knowingly doing a deliberate minority chain split, you'll
> almost certainly change the PoW function, and trivially get a clean
> split as a result of doing that.
>
> But I think what we want is to move away from consensus decisions being a
> "who has the most money/power/hashpower/nodes/reddit-accounts" contest
> to being a question of "have we dealt with every reasonable technical
> objection?" -- I think that's better for decentralisation in that anyone
> can stop a bad proposal without having to be rich/powerful/persuasive,
> and better for encouraging constructive contributions.
>
> The other side to this is that if it's just a matter of resolving
> technical problems, then it's also straightforward for a small but skilled
> group to get a consensus change through even if the vast majority doesn't
> think it's a priority -- they just need to make a good proposal, make
> sure it doesn't make people worse off, work through all the objections
> people find, and be willing to wait for it to go through reviews and
> upgrade steps which may take extra time if other people don't think it's
> a high priority. But those are all just technical challenges, that can
> be resolved with skill and patience, whoever you might be. So to me,
> that's a win for decentralisation as well.
>
>> I assume many people won't like this, but I really think we should
>> consider how users should ideally resist an unwanted change, even if
>> the proponents had the best intentions in mind, there may be
>> legitimate reasons to resist it that they may not have considered.
>
> For me, the focus there is on Matt's first point: "avoid activating
> [or merging, or even proposing] in the face of significant, reasonable,
> and directed objection". If you want to stop a change you should have to
> do nothing more than describe the problems with it; and if there aren't
> problems with it, you shouldn't be trying to stop the change.
>
> (A benefit to having the BIP-8 settings defined simultaneously with
> the initial activation attempt is that it means that if the core
> devs/maintainers go crazy with power and try to force/prevent the BIP-8
> activation despite clear community consensus going the other way, then
> it will be easy to for the client, and set the parameter correctly --
> literally just a matter of changing a value in chainparams.cpp, unlike the
> difficulties of changing the blocksize from 1MB to 2MB. Other variations
> of this overall approach have the same benefit)
>
> Cheers,
> aj (very grateful to Greg and Matt for explaining a lot of thing
> about this approach and helping resolve my concerns with it)
>
> [0] Trigger warning, PTSD over the 2015-2017 blocksize wars...
>
> The segwit timeline was something like this:
>
> 2015-05 - blocksize debate begins on bitcoin-dev
> 2015-08 - bitcoin xt with bip101 hardfork released
> 2015-09 - scaling bitcoin phase 1
> 2015-12 - segwit proposal at scaling bitcoin phase 2
> 2016-01 - segwit testnet launched
> 2016-02 - bitcoin classic with bip109 hardfork released
> 2016-04 - first release (0.12.1) with a bip9 deployment (csv)
> 2016-06 - segwit merged
> 2016-07 - csv activated
> 2016-10 - first release (0.13.1) with segwit activation params
> 2016-11 - segwit activation starttime
> 2017-02 - UASF first proposed
> 2017-03 - antpool to swith to bitcoin unlimited
> 2017-04 - covert ASICBoost vs segwit conflict described
> 2017-05 - NY segwit2x agreement, btc1 with bip102 hardfork started
> 2017-05 - BIP-91 proposed
> 2017-06 - UAHF proposal from bitmain that became BCH
> 2017-07 - BIP-91 lockin
> 2017-08 - BIP-148 activation
> 2017-08 - BCH chainsplit
> 2017-08 - segwit lockin and activation
> 2017-11 - 2x fork called off; btc1 nodes stall; 2x chain stillborn
> 2018-02 - first release (0.16.0) with segwit wallet support
>
> (That's about 33 months in total, compared to the 24 months we've
> already spent since taproot was first described in Jan 2018, or the
> 42 months before flag-day activation in Matt's proposal)
>
> I don't think that timeline is a good example of how things should
> work, and would call out a few mistakes in particular:
>
> * too much urgency to increase the blocksize resulting in rushed
> decision making, especially for the hardfork implementations, but
> also for segwit
>
> * alternative clients attempted to activate forks without
> resolving technical problems (eventually resulting in the btc1
> client stalling prior to the expected hard fork block, eg)
>
> * a lot of emphasis was on numbers (market share, hashpower, etc)
> rather than technical merits, resulting in a lot of false
> signalling an political meaneuvering
>
> * the incompatibility between ASICBoost and segwit wasn't noticed
> prior to activation, and wasn't fixed when it was noticed
> (certainly you can justify this as a tit-for-tat response to the
> other errors having been made in bad faith, or as not being a real
> problem because everyone claimed that they weren't doing covert
> ASICBoost, but considered on its own I think the incompatibility
> should have been resolved)
>
> * the UASF approach had significant potential technical problems
> (potential for long reorgs, p2p network splits) that weren't
> resolved by the time it became active. happily, this was mitigated
> by hashpower enforcement of BIP-148 rules via BIP-91. neither
> BIP-148 or BIP-91 gained enough consensus to be supported in
> bitcoin core though
>
> I don't personally think we need to fix every problem we had with
> segwit's process -- it eventually mostly worked out okay, after all --
> but I think Matt's approach has a good chance of fixing a lot of
> them, while still leaving us flexibility to deal with whatever new
> problems we come up with in their place.
>
Matt Corallo [ARCHIVE] /
npub1e4…jxmcu
2023-06-07 18:22:17
in reply to nevent1q…a43t
Author Public Key
npub1e46n428mcyfwznl7nlsf6d3s7rhlwm9x3cmkuqzt3emmdpadmkaqqjxmcuPublished at
2023-06-07 18:22:17Event JSON
{
"id": "62ef57eae33b6d30cede9283a0d6c3a5a6cd6a89e3dc58a0ce301dc8a1ae4d8e",
"pubkey": "cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba",
"created_at": 1686162137,
"kind": 1,
"tags": [
[
"e",
"841b1723b46d2192c57b523c3e08b52e866795609acdd0d30e830bbd3f4a039e",
"",
"root"
],
[
"e",
"39b7a29b65e086f4747da186dd27e213297b15cebcad86da6d9ca0d7d6c8620f",
"",
"reply"
],
[
"p",
"5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803"
]
],
"content": "📅 Original date posted:2020-01-14\n📝 Original message:In general, your thoughts on the theory of how consensus changes should\nwork I strongly agree with. However, my one significant disagreement is\nhow practical it is for things to *actually* work that way. While I wish\necosystem players (both businesses and users) spent their time\ninteracting with the Bitcoin development community enough that they had\na deep understanding of upcoming protocol change designs, it just isn't\nrealistic to expect that. Thus, having an \"out\" to avoid activation\nafter a release has been cut with fork activation logic is quite a\ncompelling requirement.\n\nThus, part of the goal here is that we ensure we have that \"out\", and\ncan observe the response of the ecosystem once the change is \"staring\nthem in the face\", as it were. A BIP 9 process is here not only to offer\na compelling activation path, but *also* to allow for observation and\ndiscussion time for any lingering minor objections prior to a BIP 8/flag\nday activation.\n\nAs for a \"mandatory signaling period\" as a part of BIP 8, I find this\nidea strange both in that it flies in the face of all recent soft fork\ndesign work, and because it doesn't actually accomplish its stated goal.\n\nRecent soft-fork design has all been about how to design something with\nminimal ecosystem impact. Certainly in the 95% activation case I can't\nsay I feel strongly, but if you actually *hit* the BIP 8 flag day,\ndeliberately causing significant network forks for old clients has the\npotential to cause real ecosystem risk. While part of the reason for a\n24-month time horizon between BIP 8 decision and flag-day activation\nendeavors to de-risk the chance that major players are running on\nun-upgraded nodes, you cannot ignore the reality of them, both full-,\nand SPV-clients.\n\nOn the other hand, in practice, we've seen that version bits are set on\nthe pool side, and not on the node side, meaning the goal of ensuring\nminers have upgraded isn't really accomplished in practice, you just end\nup forking the chain for no gain.\n\nMatt\n\nOn 1/11/20 2:42 PM, Anthony Towns wrote:\n\u003e On Fri, Jan 10, 2020 at 09:30:09PM +0000, Matt Corallo via bitcoin-dev wrote:\n\u003e\u003e 1) a standard BIP 9 deployment with a one-year time horizon for\n\u003e\u003e activation with 95% miner readiness,\n\u003e\u003e 2) in the case that no activation occurs within a year, a six month\n\u003e\u003e quieting period during which the community can analyze and discussion\n\u003e\u003e the reasons for no activation and,\n\u003e\u003e 3) in the case that it makes sense, a simple command-line/bitcoin.conf\n\u003e\u003e parameter which was supported since the original deployment release\n\u003e\u003e would enable users to opt into a BIP 8 deployment with a 24-month\n\u003e\u003e time-horizon for flag-day activation (as well as a new Bitcoin Core\n\u003e\u003e release enabling the flag universally).\n\u003e \n\u003e FWIW etc, but my perspective on this is that the way we want consensus\n\u003e changes in Bitcoin to work is:\n\u003e \n\u003e - decentralised: we want everyone to be able to participate, in\n\u003e designing/promoting/reviewing changes, without decision making\n\u003e power getting centralised amongst one group or another\n\u003e \n\u003e - technical: we want changes to be judged on their objective technical\n\u003e merits; politics and animal spirits and the like are fine, especially\n\u003e for working out what to prioritise, but they shouldn't be part of the\n\u003e final yes/no decision on consensus changes\n\u003e \n\u003e - improvements: changes might not make everyone better off, but we\n\u003e don't want changes to screw anyone over either -- pareto\n\u003e improvements in economics, \"first, do no harm\", etc. (if we get this\n\u003e right, there's no need to make compromises and bundle multiple\n\u003e flawed proposals so that everyone's an equal mix of happy and\n\u003e miserable)\n\u003e \n\u003e In particular, we don't want to misalign skills and responsibilities: it's\n\u003e fine for developers to judge if a proposal has bugs or technical problems,\n\u003e but we don't want want developers to have to decide if a proposal is\n\u003e \"sufficiently popular\" or \"economically sound\" and the like, for instance.\n\u003e Likewise we don't want to have miners or pool operators have to take\n\u003e responsibility for managing the whole economy, rather than just keeping\n\u003e their systems running.\n\u003e \n\u003e So the way I hope this will work out is:\n\u003e \n\u003e - investors, industry, people in general work out priorities for what's\n\u003e valuable to work on; this is an economic/policy/subjective question,\n\u003e that everyone can participate in, and everyone can act on --\n\u003e either directly if they're developers who can work on proposals and\n\u003e implementations directly, or indirectly by persuading or paying other\n\u003e people to work on whatever's important\n\u003e \n\u003e - developers work on proposals, designing and implementing them to make\n\u003e (some subset of) bitcoin users better off, and to not make anyone worse\n\u003e off.\n\u003e \n\u003e - if someone discovers a good technical reason why a proposal does make\n\u003e people worse off, we don't try to keep pushing the proposal over the\n\u003e top of objections, but go back to the drawing board and try to fix\n\u003e the problems\n\u003e \n\u003e - once we've done as much development as we can, including setting up\n\u003e experimental testnet/signet style deployments for testing, we setup a\n\u003e deployment. the idea at this point is to make sure the live network\n\u003e upgrade works, and to retain the ability to abort if last minute\n\u003e problems come up. no doubt some review and testing will be left until\n\u003e the last minute and only done here, but *ideally* the focus should be\n\u003e on catching errors *well before* this point.\n\u003e \n\u003e - as a result, the activation strategy mostly needs to be about ensuring\n\u003e that the Bitcoin network stays in consensus, rather than checking\n\u003e popularity or voting -- the yes/no decisions should have mostly been\n\u003e made earlier already. so we have two strategies for locking in the\n\u003e upgrade: either 95%+ of hashpower signals that they've upgraded to\n\u003e software that will enforce the changes forever more, _or_ after a\n\u003e year of trying to deploy, we fail to find any technical problems,\n\u003e and then allow an additional 2.5 years to ensure all node software is\n\u003e upgraded to enforce the new rules before locking them in.\n\u003e \n\u003e The strategy behind the last point is that we need to establish that\n\u003e there's consensus amongst all of Bitcoin before we commit to a flag day,\n\u003e and if we've found some method to establish consensus on that, then we're\n\u003e done -- we've already got consensus, we don't need to put a blockchain\n\u003e protocol on top of that and signal that we've got consensus. (Activating\n\u003e via hashpower still needs signalling, because we need to coordinate on\n\u003e *when* sufficient hashpower has upgraded)\n\u003e \n\u003e This approach is obviously compatible with BIP-148 or BIP-91 style\n\u003e forced-signalling UASFs if some upgrade does need to be done urgently\n\u003e despite miner opposition; the forced signalling just needs to occur during\n\u003e the BIP-9 or BIP-8 phases, and no during the \"quiet period\". Probably the\n\u003e first period of BIP-8 after the quiet period would make the most sense.\n\u003e \n\u003e But without that, this approach seems very friendly for miners: even\n\u003e if they don't upgrade, they won't mine invalid blocks (unless the rules\n\u003e activate and someone else deliberately mines an invalid block and they\n\u003e build on top of it), and if a change is incompatible with, say 10%\n\u003e of hashpower, it won't be forced on them for 3.5 years, by which point\n\u003e it's probably a good bet that everyone's upgrading to a new generation\n\u003e of mining hardware anyway. But even that's a backstop, because if a\n\u003e change *is* incompatible with existing mining hardware, that's an easily\n\u003e describable technical problem that should mean we go back to the drawing\n\u003e board and fix it, not deploy the change despite the problems. [0]\n\u003e \n\u003e On Fri, Jan 10, 2020 at 11:21:51PM +0100, Jorge Timón via bitcoin-dev wrote:\n\u003e\u003e Regarding bip8-like activation, luke-jr suggested that [..] a\n\u003e\u003e consensus rule could require the blocks to signal for activation in\n\u003e\u003e the last activation window.\n\u003e \n\u003e FWIW, that had been my (strong) preference too, but I think I'm now\n\u003e convinced it's not needed/useful.\n\u003e \n\u003e\u003e I see 2 main advantages for this:\n\u003e\u003e 1) Outdated nodes can implement warnings (like in bip9) and they can\n\u003e\u003e see those warnings even if it's activated in the last activation\n\u003e\u003e window.\n\u003e \n\u003e The 3.5 year window from BIP-9-starttime to BIP-8-flagday means you'd\n\u003e have to be using *very* out of date software to need to autodetect\n\u003e unknown upgrades. If an upgrade starts on 2021-01-01 say, it'd be\n\u003e supported by 0.21.x, 0.22.0, and 0.23.0 (with bip8 as an opt-in) and\n\u003e 0.24.0, 0.25.0, 0.26.0, 0.27.0, and 0.28.0 (with bip8 as always on)\n\u003e before flag day activation on 2024-06-01.\n\u003e \n\u003e 0.21.x to 0.23.x could warn if they see potential early BIP-8 activation\n\u003e via versionbits, and also warn if the flag day date is seen saying \"flag\n\u003e day activation may have happened, please check external sources and\n\u003e consider upgrading your node software\".\n\u003e \n\u003e So you'd need to be running 0.20.x, released 4 years prior to the\n\u003e activation to be outdated enough to not get warnings, I think.\n\u003e \n\u003e\u003e 2) It is easier for users to actively resist a given change they\n\u003e\u003e oppose. Instead of requiring signaling, their nodes can be set to\n\u003e\u003e ignore chains that activate it. This will result in a fork, but if\n\u003e\u003e different groups of users want different things, this is arguably the\n\u003e\u003e best behaviour: a \"clean\" split.\n\u003e \n\u003e If you're knowingly doing a deliberate minority chain split, you'll\n\u003e almost certainly change the PoW function, and trivially get a clean\n\u003e split as a result of doing that.\n\u003e \n\u003e But I think what we want is to move away from consensus decisions being a\n\u003e \"who has the most money/power/hashpower/nodes/reddit-accounts\" contest\n\u003e to being a question of \"have we dealt with every reasonable technical\n\u003e objection?\" -- I think that's better for decentralisation in that anyone\n\u003e can stop a bad proposal without having to be rich/powerful/persuasive,\n\u003e and better for encouraging constructive contributions. \n\u003e \n\u003e The other side to this is that if it's just a matter of resolving\n\u003e technical problems, then it's also straightforward for a small but skilled\n\u003e group to get a consensus change through even if the vast majority doesn't\n\u003e think it's a priority -- they just need to make a good proposal, make\n\u003e sure it doesn't make people worse off, work through all the objections\n\u003e people find, and be willing to wait for it to go through reviews and\n\u003e upgrade steps which may take extra time if other people don't think it's\n\u003e a high priority. But those are all just technical challenges, that can\n\u003e be resolved with skill and patience, whoever you might be. So to me,\n\u003e that's a win for decentralisation as well.\n\u003e \n\u003e\u003e I assume many people won't like this, but I really think we should\n\u003e\u003e consider how users should ideally resist an unwanted change, even if\n\u003e\u003e the proponents had the best intentions in mind, there may be\n\u003e\u003e legitimate reasons to resist it that they may not have considered.\n\u003e \n\u003e For me, the focus there is on Matt's first point: \"avoid activating\n\u003e [or merging, or even proposing] in the face of significant, reasonable,\n\u003e and directed objection\". If you want to stop a change you should have to\n\u003e do nothing more than describe the problems with it; and if there aren't\n\u003e problems with it, you shouldn't be trying to stop the change.\n\u003e \n\u003e (A benefit to having the BIP-8 settings defined simultaneously with\n\u003e the initial activation attempt is that it means that if the core\n\u003e devs/maintainers go crazy with power and try to force/prevent the BIP-8\n\u003e activation despite clear community consensus going the other way, then\n\u003e it will be easy to for the client, and set the parameter correctly --\n\u003e literally just a matter of changing a value in chainparams.cpp, unlike the\n\u003e difficulties of changing the blocksize from 1MB to 2MB. Other variations\n\u003e of this overall approach have the same benefit)\n\u003e \n\u003e Cheers,\n\u003e aj (very grateful to Greg and Matt for explaining a lot of thing\n\u003e about this approach and helping resolve my concerns with it)\n\u003e \n\u003e [0] Trigger warning, PTSD over the 2015-2017 blocksize wars...\n\u003e \n\u003e The segwit timeline was something like this:\n\u003e \n\u003e 2015-05 - blocksize debate begins on bitcoin-dev\n\u003e 2015-08 - bitcoin xt with bip101 hardfork released\n\u003e 2015-09 - scaling bitcoin phase 1\n\u003e 2015-12 - segwit proposal at scaling bitcoin phase 2\n\u003e 2016-01 - segwit testnet launched\n\u003e 2016-02 - bitcoin classic with bip109 hardfork released\n\u003e 2016-04 - first release (0.12.1) with a bip9 deployment (csv)\n\u003e 2016-06 - segwit merged\n\u003e 2016-07 - csv activated\n\u003e 2016-10 - first release (0.13.1) with segwit activation params\n\u003e 2016-11 - segwit activation starttime\n\u003e 2017-02 - UASF first proposed\n\u003e 2017-03 - antpool to swith to bitcoin unlimited\n\u003e 2017-04 - covert ASICBoost vs segwit conflict described\n\u003e 2017-05 - NY segwit2x agreement, btc1 with bip102 hardfork started\n\u003e 2017-05 - BIP-91 proposed\n\u003e 2017-06 - UAHF proposal from bitmain that became BCH\n\u003e 2017-07 - BIP-91 lockin\n\u003e 2017-08 - BIP-148 activation\n\u003e 2017-08 - BCH chainsplit\n\u003e 2017-08 - segwit lockin and activation\n\u003e 2017-11 - 2x fork called off; btc1 nodes stall; 2x chain stillborn\n\u003e 2018-02 - first release (0.16.0) with segwit wallet support\n\u003e \n\u003e (That's about 33 months in total, compared to the 24 months we've\n\u003e already spent since taproot was first described in Jan 2018, or the\n\u003e 42 months before flag-day activation in Matt's proposal)\n\u003e \n\u003e I don't think that timeline is a good example of how things should\n\u003e work, and would call out a few mistakes in particular:\n\u003e \n\u003e * too much urgency to increase the blocksize resulting in rushed\n\u003e decision making, especially for the hardfork implementations, but\n\u003e also for segwit\n\u003e \n\u003e * alternative clients attempted to activate forks without\n\u003e resolving technical problems (eventually resulting in the btc1\n\u003e client stalling prior to the expected hard fork block, eg)\n\u003e \n\u003e * a lot of emphasis was on numbers (market share, hashpower, etc)\n\u003e rather than technical merits, resulting in a lot of false\n\u003e signalling an political meaneuvering\n\u003e \n\u003e * the incompatibility between ASICBoost and segwit wasn't noticed\n\u003e prior to activation, and wasn't fixed when it was noticed\n\u003e (certainly you can justify this as a tit-for-tat response to the\n\u003e other errors having been made in bad faith, or as not being a real\n\u003e problem because everyone claimed that they weren't doing covert\n\u003e ASICBoost, but considered on its own I think the incompatibility\n\u003e should have been resolved)\n\u003e \n\u003e * the UASF approach had significant potential technical problems\n\u003e (potential for long reorgs, p2p network splits) that weren't\n\u003e resolved by the time it became active. happily, this was mitigated\n\u003e by hashpower enforcement of BIP-148 rules via BIP-91. neither\n\u003e BIP-148 or BIP-91 gained enough consensus to be supported in\n\u003e bitcoin core though\n\u003e \n\u003e I don't personally think we need to fix every problem we had with\n\u003e segwit's process -- it eventually mostly worked out okay, after all --\n\u003e but I think Matt's approach has a good chance of fixing a lot of\n\u003e them, while still leaving us flexibility to deal with whatever new\n\u003e problems we come up with in their place.\n\u003e",
"sig": "58627ff3d8842162f37a12e7b1656c43e2789b18b3afb3373b6f65692f38161d3de61db49232fa09872a742826bbcf725074ef92e00d5eed0e43e828b3bf5924"
}