We wouldn't if you didn't sometimes come across like such a Doos. Ek speel maar net.
lol, net 'n grappie, ne?
That said what would be the benefit of Evan putting malicious code into his project? Or anyone else from the dev team? Also as they can be rolled back by other members of the team any such theoretical attack from within could hopefully be negated?
Speaking purely hypothetically? The benefit would be when he's cashing out and he needs one-last-pump.
BTW: the effects of the backdoor can be observed in both cases when it is used, and not any earlier. So there is really no difference in that regard. The forking is of course possible, but that is easily observable, too, or am I missing something?
Well, imagine he obfuscates the code such that it only activates on a successful deactivation of an existing spork. Then it lies dormant until he reaches out and touches every node with His Noodly Appendage.
Wrong.
The spork is merely a secondary lever, not a magical "activate terrible code"-button. A malicious Monero developer for example could implement "underhanded code" into your official GUI-wallet release (you know, in 2045 or so when it's finished) with the simple instruction of having it activate when certain conditions are met, like a date, a block height, a difficulty level, even a certain transaction amount or a combination of any of these conditions. Heck, for all I care he could program his own spork as underhanded code into your release and create the same exact scenario you just tried to reduce onto DASH.
As you can see, your central argument has been easily refuted, making Dash just as vulnerable to that method as any other crypto. Not more, as you tried to construct. Nice try though.
The majority of those conditions (dates, block heights, difficulty levels, transaction amounts) would be easily visible even in heavily obfuscated code. Furthermore, activating at any of those junctures may be sub-optimal for our hypothetical malicious dev's needs. Being able to trigger at point-in-time is incredibly, incredibly powerful (in the negative sense).
Anyhow, this has been an interesting conversation, and I've appreciated the more mature responses from toknormal et al., but I think it's best to shake virtual hands and move on. Cheers:)
