Not responding to anyone in particular, but it strikes me that one can think about the case where a small minority (let's say H = 20%?) of nodes select the opposite of what Core releases (LOT=false, LOT=true). I'm ignoring the case where a critical bug is discovered in Taproot for reasons I could expand on if anyone is interested (I don't think LOT=true/false has much of a diff in that regard).
You'll note an asymmetry with LOT=true / false analysis. LOT=true nodes are clearly updated (or lying), LOT=false nodes may be un-upgraded (or however you want to interpret it).
# 80% on LOT=false, 20% LOT=True
- Case 1: Activates ahead of time anyways
No issues.
- Case 2: Fails to Activate before timeout...
20% *may* fork off with LOT=true. Bitcoin hashrate reduced, chance of multi block reorgs at time of fork relatively high, especially if network does not partition.
Implication is that activation % being 90%, then X% fewer than 70% of miners are signaling for Taproot at this time. If X% is small the increased orphan rate caused by the LOT=true miners will cause it to activate anyways. If X% is larger, then there will be a consensus split.
# 80% on LOT=true, 20% LOT=False
- Case 1: Activates ahead of time Anyways
No issues.
- Case 2: Fails to Activate before timeout...
A% + B% + C% = 20%
A% (upgraded, signal activate) remain on majority chain with LOT=false, blocks mined universally valid.
B% (upgraded, not signaling) succeeds in activating and maintaining consensus, blocks are temporarily lost during the final period, but consensus re-emerges.
C% (not upgraded/not signalling) both fail to activate (not upgraded) and blocks are rejected (not signaling) during mandatory signalling. Essentially becomes an SPV miner, should still not select transactions improperly given mempool policy, but may mine a bad tip.
(I argue that group B is irrational entirely, as in this case the majority has upgraded, inevitably winning, and is orphaning their blocks so B should effectively be 0% or can be combined with group C as being somehow not upgraded if they are unable to switch once it becomes clear after say the first 100 blocks in the period that LOT > 50%. The only difference in lumping B with C is that group C SPV mines after the fork and B should, in theory, have full validation.).
Apologies if my base analysis is off -- happy to take corrections.
My overall summary is thus:
1) People care what Core releases because we assume the majority will likely run it. If core were a minority project, we wouldn't really care what core released.
2) People are upset with LOT=true being suggested as release parameters because of the narrative that it puts devs in control.
3) LOT=true having a sizeable minority running it presents major issues to majority LOT=false in terms of lost blocks during the final period and in terms of a longer term fork.
4) Majority LOT=true has no long term instability on consensus (majority LOT=true means the final period always activates, any instability is short lived + irrational).
5) On the balance, the safer parameter to release *seems* to be LOT=true. But because devs are sensitive to control narrative, LOT=false is preferred by devs.
6) Almost paradoxically, choosing a less safe option for a narrative reason is more of a show of dev control than choosing a more safe option despite appearances.
7) This all comes down to if we think that a reasonable number of important nodes will run LOT=true.
8) This all doesn't matter *that much* because taproot will have many opportunities to activate before the brinksmanship period.
As a plan of action, I think that means that either:
A) Core should release LOT=true, as a less disruptive option given stated community intentions to do LOT=true
B) Core community should vehemently anti-advocate running LOT=true to ensure the % is as small as possible
C) Do nothing
D) Core community should release LOT=false and vehemently advocate manually changing to LOT=true to ensure the % is supermajority, but leaving it as a user choice.
Overall, I worry that plan B has a mild Streissand effect and would result in boosting LOT=true (which could be OK, so long as LOT=true + LOT=false+signal yes becomes the large majority, but would be not fun for anyone if LOT=true + LOT=false+signal yes are a small majority). Plan C most likely ends up with some % doing LOT=true anyways. D feels a little silly, but maybe a good tradeoff.
If I had to summarize the emotional dynamic among developers around LOT=true, I think devs wish it didn't exist because it is clear LOT=true *creates* the issues here. LOT=false would be fine if the LOT=true strategy didn't exist at all. But unfortunately the cat is out of the bag and cannot be put back in. To validate the emotions, I think it is fine to be angry about LOT=true and not like it, but we should either accept that it is most likely to create consensus OR we should find a new game theoretic activation strategy with better pro-social equilibriums.
Personally, I think with either plan the ultimate risk of forking is low given probability to activate before timeout, so we should just pick something and move on, accepting that we aren't setting a precedent by which all future forks should abide. Given my understanding of the tradeoffs, I believe that the safest choice is LOT=true, but I wouldn't move to hold back a plan of LOT=false (but would probably take mitigative steps on community advocacy if it looks like there is non majority but non negligible LOT=true uptake).
Cheers,
Jeremy