Governance (and government intervention) of updates to the SAFE network


That’s a good point … perhaps a simple weighted voting mechanism based on number of commits. Of course if the weighting is too skewed, then some individuals will have too much power (and then they can be rubber hosed to vote one way or another), so maybe only small weights? In any case bots will have a difficult time getting any commits on ‘Safe-git’ I think.

There is no perfect system in the end - everything can and will be gamed, so it’s always a continuous effort to maintain what we seek in the end.


Well, look at the case with Bitcoin. Rumours suggest (and I might be way off the mark, but it still works as a hypothetical example) that AXA banking cartel funded the Blockstream dev team, who started doing a lot of dev work and steering BTC in a completely different direction from satoshi’s whitepaper, hence why BCH started. If you’re a powerful monetary group and can fund lots of developers to create lots of commits and get very involved in the dev community then you could strongarm the direction of development.

Having said that, I suppose it’s possible for that to happen anyway. You could line the back pocket of devs in the Maidsafe Foundation on the conditions that they steer it in a certain direction or whatever (not suggesting any of the current generation of Maidsafe devs would be susceptible to such things).

Tough problems to solve…


Agree, but one that must be solved. I really hold out hope for a technical only solution as apart from that then it seems dictatorships are the most efficient governance on many occasions and even then I think it is terrible and who would want to do that? (hint anyone that does should not be :wink: ). Personally I would not be able to do it, not my character. So technical solution is by far the best, then we can see the rules and decide if we want to stick with that network, or take our data and leave it for another.


I’ll do it :rofl: :rofl:


:slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face: < - @happybeing’s enforcers, don’t mess


It seems to me that we need to incentivise the core principles upon which the network is now being built. Merely building barriers (walls!) doesn’t work long term, they just get attacked and torn down. So a means (an incentive) to attract a continuous active resistance to forces opposing the core principles seems a more long term stable approach.


The point @tfa made was that the code will be forked and was not meaning the data.

Here though forks of the code does not necessarily mean forking the data. And as @tfa says forks will be made for language and other reasons. Especially the UI libraries will be forked if people need differing interfaces.

SAFE is a system of protocols. In essence if you created node code that implemented the protocols correctly and obeyed the protocol rules then the network would accept the node running that code. It is in the protocols that the network is stitched together.

So if your node does not obey the consensus rules, or obey the data retrieval rules, or obey … etc … etc … then that node would be removed from the section and ignored. But if it does its job correctly and obeys the rules then there is no reason for it to be removed. Remember the nodes only see the data/protocols being sent to them and so each node is a black box implementing protocols and rules.

As to running different versions, its like the above, as long as the new versions understands the previous versions of the protocol & rules then all is fine. Just like routers, computers, etc can understand tcp/ip V4 and v6 on the same network, so would the SAFE nodes understand previous versions of the protocol. If they did not then you could not upgrade the actual protocol without a coordinated restart of all the nodes.

Now how many versions of the protocols can be understood is the real question.

Also node upgrades will involve much more than protocol changes/upgrades. Maybe it will be optimisations or changes to the user interface/apis. And I suspect that protocol changes will be rare compared to all the other upgrades.

Now as to how we protect from coercing a developer. Well we cannot really, but what is possible and will definitely happen is any changes will be looked at and pulled apart by a number of people. I had lunch yesterday with one such person who knows their stuff around the SAFE code and they were telling me of another whom they met by chance. The other person asked my friend if he knew of the safe network and this other person told my friend how he had walked through the code. Now I am sure that there are many others around the world like that keeping a very close eye on the code including also @tfa above.

Also one fork I will be implementing, if needed, is one that prevents automatic upgrading of the node’s software. As a System Administrator I do not allow automatic upgrades and only upgrade at a suitable time after I am confident of the upgrade’s viability and security.


I agree. That’s why you limit known keyholders to small cells, preferably keep the keyholders totally unknown to each other. The problem is techs need to work together and often work together in meat space so total anonymity isn’t really feasible. The best one could do is a cell network of some kind to limit knowledge and damage to any given cell. I mean someone needs to actually code these updates after all right?


Probably not very applicable for SAFE voting/governance. But maybe useful to also look to the Papal election procedure for possible inspiration.

And a third and final lesson: when an election process is left to develop over the course of a couple thousand years, you end up with something surprisingly good.


Imagine: “Just another couple of thousand years and we’ll have cracked it” :joy:


And if you read about it, it is heavily biased with a lot of pre-vote decisions being made etc and at least one pope died very soon afterwards by the usual method used by the upper class (poison) that cannot be easily detected.

So if the vote is not accepted by the higher cardinals then there will be a new vote needed not long after. :thinking:

If a cardinal cannot walk to the altar, one of the Scrutineers – in full view of everyone – does this for him.

This bit made me think of a common magic trick of switching papers while in full view of the street audience right next to him/her.


And if you read about it, it is heavily biased with a lot of pre-vote decisions being made

What do you mean with biased and pre-vote decisions? Isn’t that just part of the Election campaign?
I read here that the average age is 71 (older than 80 is not allowed) in the 2005 edition. So the voters (cardinals) are maybe more easily fooled by a magic trick. But the sleight of hand is probably also less quick at that age :wink:
That high age does make deaths soon after less suspicous though. It also makes the average revote frequency lower.
Might also be a good read for the ones interested: Conclave 2.0: Top 10 reasons why this version is different.


Its supposed to be a vote where the Will of God is capable of being known using vessels who are not “God’s representative on earth” to then vote in “God’s representative on earth

Now if they were then they should only be consulting God in prayer and not each other doing deals and underhanded manipulation in order to position themselves better for that vote or one of the next ones to the one chosen. And this is the premise that makes the voting system seem good and all the while its one that makes easy the wheeling, dealing, manipulation and positioning themselves to be closer to the next pope which of course invalidates its worth.

As to the early death – well if they are indeed voting “God’s representative on earth” then it is unimaginable that the person chosen would die before they could do any papal work. Yes it might be possible that God wanted one thing changed then let that pope die, but when there has been nothing done, it is doubly suspicious and obvious and will never be investigated.

I guess the real reason I would not implement any such system is that it has evolved as a method of giving the more powerful cardinals the ability to manipulate while appearing to be above board and absolutely fair. And it is anything but what it claims to do (Vote in God’s voice) since it is based on invalid premises. Such that the one being voted for is anything but God’s voice and is basically a leader of a worldwide club that uses religious observance of a miss mash of ancient religions and a bastardised form of Jewish religion and Mary-ism and nasty Jesus-ism.

A voting system for an invalid purpose is not really one to be followed is it? But studied, well there maybe some points to be aware of in how to be a manipulative voting system while appearing really good.


To be clear: I’m not religious. So of course I find the premise “God’s representative on earth” laughable. But even more so: that kind of checks in an election is an art in hypocrisy (TrustBelieve is good, control is better).
However, I’ve more trust in the power urges and the paranoid against each other which leads to such election procedures so that every party at least knows that rigging the given votes will be very difficult, so they can concentrate at what they are good at: trying to convince others to believe in a fairy tail (e.g. voting for me is a good choice) :wink:


And it is thus no good for a decentralised network that wants to be fair. What you describe is an unfair system. Power imbalances, but at least known by the insiders, but unknown (supposedly) to the mass majority (10 million times those in the know)


There are of course a lot differences between a papal election and the governance of a decentralised network.
But there is still 1 pope after 2000 years (the 2nd was called Linus by the way), surviving for example a lot of anti popes (reminds me of Bitcoin clones). I would not focus on fair or not in looking at the history of the Papal election for inspiration (also in how not to do things), but on consensus between the parties involved. There had to be a at least bit of that, otherwise it didn’t survive 2000 years.


But thats the point. Decentralised systems should be unbiased and without coercion and the papal voting system is designed to be just that, one of power imbalances and coercion under the guise of fair and above board.

So unless you want that sort of voting where powerful control things then you don’t want the sleight of hand and/or deceitful system used in papal voting.


My point is that it has survived for so long, so there could be some interesting elements in it. There has to be at least a certain level of consensus (feeling of fairness) between the powerful. Or do you think the powerful always agree with each other?
When that was not the case in the past, you did get an pope/antipope split. If I understand it correctly some parts of the procedure are an effort to prevent such splits from reoccurring.


Any wheeling and dealing amongst the powerful is to ensure the powerful do not become the unpowerful. Power is bound up in the few to the detriment of the many. Whether the many are the billion of so people in the church or the majority of the cardinals. The much less than 1600 years of development has been to make that system as frictionless as possible and to ensure the deception of fairness is enhanced.

The powerful will compromise till they get the best outcome for themselves over the majority. Look at how our governments have ones who govern for the benefit of the rich and to ensure the masses do not rob them of their riches.

Decentralised systems are tying to do the opposite and give the masses the power again. Obviously spread out amongst them and not to provide avenues for the few to become the power brokers through deals and compromises to see themselves rise above everyone else.

Yes I know some projects are trying to give the few the power and just a rearrangement of who the powerful are from the current monetary system. But since we are focused on SAFE then the fair system is the desired one.


I just skimmed through the answers and maybe I missed somebody already mentioning it, but the premise that Maidsafe could “forcibly push updates” is false. This project is open source, so there is no way to do anything forcibly.

If Maidsafe wanted to do something evil (which I believe would never happen, but let’s pretend for the argument’s sake) then it would be noticed by many, at which point a new governing body would raise up and compile a version that no longer trusts Maidsafe’s signatures.

It’s likely that the project will be forked into a number of different but, on the network level, compatible versions anyway. Most if not all such versions would keep depending on the upstream repository from Maidsafe, but their different requirements for integrating it would mean many independent eyes on the core code, so anything suspicious would be quickly discovered.