Topic: Please list arguments against the idea of taking away Gavins' alert keys - page 2. (Read 3895 times)

Since no current member of core has been reported to have this key, that could become an awkward and most troublesome task.

If that were to happen, then as gmaxwell said, there would be a new alert that cannot be canceled and cancels all previous alerts that states "Alert Key Compromised" At that point, I would assume that the dev team would change the client to have a new alert key and simply not distribute that key to Gavin, thus solving the problem. However, that is not needed right now and is much more hassle to do because some people would have clients with the old key and some with the new. This means that if an alert was needed such as in the yesterday's problem, the same alert must be sent twice with both key's signatures in order to reach everyone.

What alerts would you not trust? Use your own brain. Obviously an alert such as "URGENT: Upgrade to Bitcoin XT NOW" should probably be ignored. Every legitimate alert sent out links to a page from here: https://bitcoin.org/en/alerts.

Well if Gavin keeps holding alertkeys then the whole alert system looses a lot of credibility because right now i can't trust the alerts since i don't trust Gavin but that only as a note on the sideline.

I still am looking for a justification why Gavin needs to hold said keys at all. Please someone provide that!

He just stated that it is kept a secret for security reasons and you start asking him question about it. Stop doing that.
Let me tell you how many have the keys: definitely more than 1; definitely less than 10,000. As for the part in bold, the simple answer is no. Why would someone tolerate that behavior?

There isn't a complete loss of trust for Gavin. You're pulling this out of a hat. I still trust Gavin and I'm part of the userbase; thus your statement is invalidated.
Enough with the Gavin is bad propaganda. If they think it is okay to let him keep them, then he should keep them.

Update: You probably don't trust keyholder Y, but you don't know his identity. It loses credibility for you, but not for the people who don't trust him.

So you're saying there are more people holding the keys than we know about? You further say anyone holding a key can disable messages?

May i ask how many more people hold alert keys (number of people we don't know about)? How many of the core devs do actually secretly hold alert keys? More or less than 50% of them?

So if Gavin would go rogue his alerts would simply be disabled by someone else holding the keys? What if the submits the alert again? Will it end up in an endless childish 'submit and disable' war between Gavin and other people holding keys?

All this still doesn't solve the issue at hand: the complete loss of trust for Gavin from the userbase and it also still doesn't justify why he needs to have those keys. So we're actually back to square 1 either way.

I still can't identify a single rational justification why Gavin needs to hold keys and commit acess. The truth is: there is no reason for it to be that way and that's also why 4 pages into the thread no valid justification came up other than "don't worry, we can disable that alert when it is abused" which isn't exactly an 'on topic reply' and doesn't represent a reason why he needs to hold the keys.

Translates to: "Gavin and nobody else needs to hold the keys because we can disable them when he abuses them" isn't an argument that's valid or made any sense because according to this logic you could give the keys to everyone on this thread and then some 500 people more just because "you can disable the message in case of abuse". So, no, that's not a valid argument.

Oh well... that video is hefty.   Did some minercorporation sponsor it? Though even then its plain stupid. A blocksize limit raise HAS to happen. At least in some years. Its stupid to force users to pay higher and higher fees and transactions stay unconfirmed. It would mean a big hit to the network since a currency that cant flow is useless. Miners would destroy their own eating ground.

Miners will get bigger fees. They shouldnt fear. They simply would need to enforce adoption and the more transactions happen the more fees will be collected. If someone really wants to restrict the network then this would not be a smart move.

By the way.. miners have all right to not include transactions they feel have a too small fee. When the users find that their transaction waits longer with a low fee then they will start to raise it. Simple as that.

And they fear centralisation? What do they think bigger fees will do? Surely companies that try to exploit it. It will not save decentralization. It cant.

A Bitcoin only for big transactions? Thats plain stupid. Bitcoin should be useable for everyone and every usecase of a value around the minimum fiat currency units. I dont know what kind ot bitcoin these users want but surely its not what satoshie wanted when he wanted to free the people from the banks. These bitcoiners seem to want to free the rich from the banks.

Ok, guess i understand bitcoin-xt fans now a bit more. Though i cant support him because i think he has a somewhat dangerous character.

At the end the miners will decide and it looks like the majority is for a raise at least. I mean the compromise with chinese miners.


Yes... blame the couch...

Sorry, but you are just wrong, all kinds of people say, that they don't want the blocksize limit raised ever. Look e.g. here:
https://www.youtube.com/watch?v=cZp7UGgBR0I

I even had a real life discussion about that at my local Bitcoin Meetup. The bottom line was: "No blocklimit raise, we need trusted third parties"

So, don't tell me, what I have read/heard.

To spare a little credit here; I'm unconcerned in part due to reasons that he was previously unaware of-- I think if I knew only what he knew, I would have been concerned. I'm thankful that people other than the development team are also thinking about these things and raising concerns; and I welcome it (though think it's much more productive if they're expressed in the most polite way possible; simply because adding emotion almost never makes a tricky situation easier)... it's just in this particular case I believe the concerns are adequately addressed for the moment, but I don't mind answering questions about it.

No he didn't.  Also gmaxwell is one of the core devs.  One of the people you trust implicitly (simply because they aren't Gavin), just told you there isn't a security risk.



Translation:  "La la la la la I'm not listening unless people agree with me".  For someone who takes offence at someone else acting unilaterally (despite the fact there's nothing wrong with him doing that in an open source project), do you not see the irony in your tirade here?  You complain that Gavin did something without everyone agreeing, yet you want to do something without everyone agreeing?  Cry ad-hominem ad-nauseam if you like, but please stop being a hypocrite.  There's no other word to describe it.



Thank you for bringing some well needed sanity to this otherwise deranged thread.

This happens in the sport world too.... When the team performs bad, the couch is blamed. The first thing the supporters of that team wants to see, is the head of the coach to be cut.

In this situation, it seems as though the Bitcoin coach is doing some side betting against his own team by coaching for the other team.

It is just natural for people to air their views and opinions for such behaviour. You cannot coach two teams playing against each other, it's counter productive for both teams. 

Yes, I estimate it could be corrected in under 5 minutes right now.

WRT result, the primary thing the alert does right now is triggers the error bar in Bitcoin Core and the alert notify output; which almost no one will notice. Past notices have had very little effect in general.

More or less incorrect on both counts. Yes, someone can send a message-- but that message can be disabled, locked out, and replaced with a key compromised method by anyone with the alert key.  For security reasons everyone who has the alertkey is not enumerated (so that someone can't attempt to suppress use of the alert key by targeting multiple people). Multiple people currently active in the project have the key, and there are also other security measures in place.

I hear your concerns. You're not the first or only one to express them; but I believe there is still a more professional cooperative way forward available and I think we should make use of it to the greatest extent possible.

Yes. Having an active core dev with the alert key might be a good idea. It's tough to justify everyone having the key except them. lol

If that is true also and no other core dev holds the keys then things need certainly to change there. This can't stay this way.

While this might be true the question remains why someone who actively undermines the Bitcoin network, its devteam and community needs to hold said keys.
Leaving Gavin with the keys is like saying one could leave his car unlocked in a highly criminal neighbourhood because if a thief would be taking it, the police would stop him.
You lock the car so the thief can't drive away with it regardless of possible countermeasures!

Gavin tried a hostile takeover, mind you.

We're also talking about commit access so Gavin would have to take a harder route next time he would want to propose changes. Why does he even need commit access when he would propagate software outside the orderly routes? He doesn't need commit access to propagate his alternative software.
 
He also showed already how he would not care to hurt investors confidence and cost everyone involved massive amounts of time with his controversial proposals. He further showed he is unable to do teamwork so he is likely a burden for Bitcoin and the rest of the devs. He will very likely waste more time and hurt investors confidence further.
I think it makes a great deal of sense to make it harder for him to repeat these things on this or on another issue in the future.
If everyone of the core developers would behave in the way he does there wouldn't be a bitcoin after very short time. We do not want to support devs who try powergrabs and hostile takeovers. Why should be tollerate it? Why? One single reason, give me just one!


Basically for the amount of misconduct he has been showing lately he is holding far too much authority.
Also Hearn said on 'epicenter bitcoin' show he would like Gavin to revoke commit access for the other devs (https://youtu.be/8JmvkyQyD8w?t=47m37s). I think this was an outrageous thing to say.
After we have been hearing this we do know with all certainty that Gavin definately holds too much authority over a software he actively attacked from the outside.

Gavin in my opinion has become a hazard for the productivity of the devteam and the coin itself and that's why we should think about taking keys and commit access away to prevent further issues.

Even if the alertkeys would be removed entirely Gavin would still remain a security issue and certainly cause more headache with the access that he has to github.

Again: his behaviour is unacceptable and can under no circumstances be tolerated because if we let him get away with this other devs would possibly repeat this aswelll as Gavin would too.

We can not tollerate an attemtpted hostile takeover by a core dev ever because if we would we'd certainly face more trouble later as this repeats and possibly intensifies and evolves into new directions. Gavin basically brings disorder to Bitcoin.

----------------

With all that said:

So far i can not identify new arguments or valid concerns against the proposal. Actually nobody seems to be able to justify why Gavin would need to hold the keys or have commit access.
Some people don't like the proposal but somehow almost no rational arguments were brought forward why he (and nobody else) needs to hold said keys or why he would need to have commit access.

Here are the past alerts:



Basically, the person(s) with the alert key possesses the authority to instruct bitcoin users to update. So strangely, at the moment, a man that vanished 5 years ago has that authority as does a developer that has apparently broken away from core. Yet, to the best of my knowledge, no remaining core dev has this key.

Rhetoric alone cannot solve this problem.

Thats a good info gmaxwell. I guess a fast reaction is almost certain then.

Though i wonder if it really is so useless. Didnt it help once with the alert when accidentally a fork was happening? The results werent so impressing?

We don't really use the alert mechanism, and many of the contributors to Bitcoin Core would like to remove it-- because the value it provides is very low, relative to the administrative overhead we receive in terms of people justifying non-starter proposals based on it (e.g. wanting to use it to remotely control miner default behaviour) or just the cost users have in reasoning about its security implications for them.

That said, there is very little potential for abuse, because if a bogus alert is sent a special alert can be sent that disables further use of the alert system erases all other alerts and sets a static alert key compromised message. As a result, active misuse is already effectively constructively disabled.

And all without fanning any extra drama.

The thing is, coding for one project doesn't automatically preclude someone from working on another.  If, hypothetically, some serious security issue was found in core tomorrow, you can bet that Gavin and the other developers would all most likely be on the case working on a fix.  Once the new code for the fix is reviewed, an alert is sent out to notify people about the update.  It doesn't really matter who sends the update.  If Gavin is still happy to do it, there's no reason why he shouldn't still be able to. 

The issue I have with this thread is that the OP is basically proposing outright censorship to protect our community (who apparently can't be trusted to think for themselves) because a developer dared to commit the (apparently egregious) crime of displaying independent thought and having a mind of their own.  The OP feels strong indignation at this supposed betrayal for reasons that still make no sense.  Despite not signing any formal contract, all core devs must agree to forego independent thought and act as a hive mind at all times and agree on everything for the rest of time.  Refusal to comply with this means you must be cast out.  At least in whatever delusional dreamworld the OP is living in, anyway. 

So basically we arrive at the situation where any time someone disagrees with the actions of a developer we have to decide whether to 'vote them out' as if this was some sort of mindless reality TV show?  It's ridiculous. 

You cant say that people are against an increase only because most community members dont want to do haste things. Gavin acted like if we would meet the blocksizelimit tomorrow. Graphs were posted with exponential axis values that let it look like blocks are already 90% full now and other things.

The thing is that all the other developers see the problem. They only wanted a discussion about the best solution. And as far as i see it nearly no one is against a change in the future, when it becomes a problem. Though most think we have at least time to find the best solution.

You cant say so many are against it only because they dont want to follow gavins idea that we have to do it now, instantly, and the way he wants it. That this behaviour brings up resistance is normal.

So i would prefer when you say that people are against doing it the hasty way. Its not true that the ones that dont support gavin doesnt see the need of an increase. The problem is only the when and the how.