As far as SAFE upgrades are concerned, I think global voting is impractical.
We don’t vote to “start” the SAFE Network. Why would we need one to “upgrade”?
Technically, people already vote/agree the minute they installed a client and run a vault. If they no longer agree, they uninstall and go somewhere else. That’s as simple as it gets.
I’m perfectly fine with MaidSafe and or its successors auto-updating my Client/Vault. This is especially useful if they find a vulnerability and need to patch quickly.
I realize MaidSafe doesn’t want to be in “charge” of SAFE and that is okay.
Here’s a decentralized solution for them to consider.
SAFE Pods Multi-Signature Vote Required for Upgrade
1st Signature (SAFE Pod Troon)
2nd Signature (SAFE Pod Montreal)
3rd Signature (SAFE Pod San Francisco)
4th Signature (SAFE Pod Syndey)
5th Signature (SAFE Pod London)
If majority signatures 51% approve, the auto-update takes effect.
Of course they can adjust the details of how it gets implemented, but you get the idea now.
I prefer this way because the SAFE developers are more informed about an update/upgrade and can determine if it should be denied. This becomes more decentralized as more Pods join. That covers all your questions.