On Wed, Sep 30, 2015 at 3:56 PM, Mike Hearn <hearn@vinumeris.com> wrote:

> Field experience shows it successfully delivers new features to end users
>> without a global software upgrade.
>>
>
> The global upgrade is required for all full nodes in both types. If a full
> node doesn't upgrade then it no longer does what it was designed to do; if
> the user is OK with that, they should just run an SPV wallet or use
> blockchain.info or some other mechanism that consumes way fewer resources.
>
> But if you want the software you installed to achieve its stated goal, you
> *must* upgrade. There is no way around that.
>

It is correct that security is slightly reduced for full nodes that have
not upgraded.  It is not correct that the choice is binary, full node or
SPV.

Any user running a not-upgraded full node still retains protection against
many attacks outside the subset related to the feature being introduced.

The field observable end result is that we do receive new features, secured
by hashpower and user full nodes, via soft fork, without a global flag day
upgrade.

Yes, a flag day hard fork upgrade is cleaner and results in higher security
due to the entire network validating the new rules.  However, the
difficulty of executing hard forks would mean fewer total features to
users, if that route were chosen instead.