I see, thanks for clearing that up, I misread what Gavin stated. On Wed, Dec 9, 2015 at 12:29 AM, Gregory Maxwell wrote: > On Wed, Dec 9, 2015 at 4:44 AM, Ryan Butler wrote: > >>I agree, but nothing I have advocated creates significant technical > >>debt. It is also a bad engineering practice to combine functional > >>changes (especially ones with poorly understood system wide > >>consequences and low user autonomy) with structural tidying. > > > > I don't think I would classify placing things in consensus critical code > > when it doesn't need to be as "structural tidying". Gavin said "pile on" > > which you took as implying "a lot", he can correct me, but I believe he > > meant "add to". > > Nothing being discussed would move something from consensus critical > code to not consensus critical. > > What was being discussed was the location of the witness commitment; > which is consensus critical regardless of where it is placed. Should > it be placed in an available location which is compatible with the > existing network, or should the block hashing data structure > immediately be changed in an incompatible way to accommodate it in > order to satisfy an ascetic sense of purity and to make fraud proofs > somewhat smaller? > > I argue that the size difference in the fraud proofs is not > interesting, the disruption to the network in an incompatible upgrade > is interesting; and that if it really were desirable reorganization to > move the commitment point could be done as part of a separate change > that changes only the location of things (and/or other trivial > adjustments); and that proceeding int this fashion would minimize > disruption and risk... by making the incompatible changes that will > force network wide software updates be as small and as simple as > possible. > > >> (especially ones with poorly understood system wide consequences and low > >> user autonomy) > > > > This implies there you have no confidence in the unit tests and > functional > > testing around Bitcoin and should not be a reason to avoid refactoring. > > It's more a reason to increase testing so that you will have confidence > when > > you refactor. > > I am speaking from our engineering experience in a public, > world-wide, multi-vendor, multi-version, inter-operable, distributed > system which is constantly changing and in production contains private > code, unknown and assorted hardware, mixtures of versions, unreliable > networks, undisclosed usage patterns, and more sources of complex > behavior than can be counted-- including complex economic incentives > and malicious participants. > > Even if we knew the complete spectrum of possible states for the > system the combinatioric explosion makes complete testing infeasible. > > Though testing is essential one cannot "unit test" away all the risks > related to deploying a new behavior in the network. >