by the way, can a security government agency predict the SAFE net launch?
I don’t understand the relevance of the question…
How do you know, if it had come coercing Maidsafe team or it comes soon?
We wouldn’t necessarily know if they’re coercing the Maidsafe team. That’s half the point - how would we ever know if the team has been compromised?
What about decentralizing the update release network? Like you have one node in say Scotland, one in India, a couple others around the world, and each has a multi sig key and it’s only when they all agree that the update is released to the network. They can’t all know one another so there would have to be a process where nodes, and techs, were selected for updates without all the other nodes being made aware of it.
If one compromised keyholder knows who the other keyholders are - then those other keyholders could be compromised.
I ask @dirvine about this in the last SAFE Crossroads podcast and we discuss it.
I’ll have to listen, thanks for sharing.
the code is open source, so everybody can look at the commits history, check the code, and then recompile it from source.
Also you can be sure that the code will be forked thousands of times and even re-implemented in other languages (like the bitcoin nodes).
Sure, but my point is that, as far as I am aware, the Maidsafe Foundation is planning to push updates out to all the vaults on the network. Suppose I can look at the public repo and feel confident that the code is good, but then a compromised Maidsafe Foundation pushes an update to my vault, without my knowledge or consent, that contains code that isn’t necessarily in the repo. How do we know the vault code is the same as the repo code? That’s why I asked about being able to compare the hash of the repo build with the hash of the locally running vault build.
If Maidsafe Foundation don’t have authority to push backwards-incompatible changes to all nodes in the network then they hit the same governance problem that bitcoin has where miners have the choice of which version they run - and that seems like it would open up an entirely new can of worms for data integrity and network stability that I’ve not seen discussed anywhere.
I could be entirely misguided about this. Such concerns rest on the assumption that the Maidsafe Foundation will be able to forcibly push updates to all vaults.