Subnostr

The risk of working on social contracts and Bitcoin- Gregory Maxwell (2021)

> I promise that if bad people show up with a sufficient pointy gun that

I'll do whatever they tell me to do. I'll make bad proposals, submit

backdoors, and argue with querulous folks on mailing lists, diverting

them from real development and review work, all as commanded. Maybe

I'll try to sneak out a warning of some kind, maybe... but with my

life or my families or friends lives on the line— probably not.

> ... and I think that anyone who tells you otherwise probably just

hasn't really thought it through. So what is the point of commitments

like that? People change, people go crazy, people are coerced. Crap

happens, justifications are made, life goes on— or so we hope.

> What matters is building infrastructure— both social and technical—

that is robust against those sorts of failures. If you're depending on

individual developers (including anonymous parties and volunteers) to

be somehow made more trustworthy by some promises on a mailing list

you've already lost.

> If you care about this you could instead tell us about how much time

you promise to spend reviewing technical work to make sure such

attacks cannot be successful, regardless of their origins. Where are

your gitian signatures? I think thats a lot more meaningful, and it

also improves security for everyone involved since knowing that such

attacks can not succeeded removes the motivation for ever trying.

> A lot of what Bitcoin is about, for me at least, is building systems

which are as trustless as possible— ruled by unbreakable rules

embodied in the software people chose to use out of their own free

will and understanding. Or at least thats the ideal we should try to

approximate. If we're successful the adhomenim you've thrown on this

list will be completely pointless— not because people are trusted to

not do evil but because Bitcoin users won't accept technology that

makes it possible.

> So please go ahead and assume I'm constantly being evil and trying to

sneak something in... the technology and security can only be better

for it, but please leave the overt attacks at the door. Think

gentleman spies, not a street fighting death match. The rude attacks

and characterizations just turn people off and don't uncover actual

attacks. Maybe the informal guideline should be one flame-out

personal attack per cryptosystem you break, serious bug you uncover,

or impossible problem you solve. :)

Please Login to reply.

No replies yet.