Adding mandatory "Security Considerations" to EIP-1 #1963
Conversation
|
What's required to merge this? |
@tintinweb I think merging this change to EIP-1 without a guideline may not be the best idea, because right now it is very vague what would be considered an appropriate content for the section. |
|
Oh I thought this has been merged already 😄 @axic at this time we intentionally leave enough freedom on how to write the security considerations section. We want to make security an explicit part of the EIP process without adding too much overhead or burden on the proposals potentially impacting their creativity. The initial guidance for referees (phase 1) is to reject EIPs that do not consider security at all or are blatantly failing to deal with it. That's already more information in a digestible way and way better than what we have right now. It will also allow us to take the security considerations texts in EIPs as an input to create tailored guidance on how to deal with this section (phase 2; both for proposals and referees) The situation as is with a security discussion not being an explicit part of the proposal clearly puts the process at risk and does not really foster trust in a secure change management for the core layer of the system. Already collecting the security discussion in a specific section would be a first step. For reference: the initial proposal that was presented included further guidance - still lightweight to leave enough freedom - and after the core-devs meeting berlin it was decided, as a first step, to go with merging the section only, as soon as possible, learn from new EIPs and provide tailored guidance based on how it is being used or misused. Alright, so let's push this forward. How do we proceed (//ping @axic @bmann 😄)? This PR's been open for quite a while now and I must confess it unfortunately dropped off my radar but it is back on now 😄 What is the minimum requirement to get that in asap? How do we agree on that? Who decides? IMHO The sooner we allow space for security discussions in the proposal, require to deal with it in some form and make it easily available for reviewers the better. cheers, |
|
Rough consensus is required ;) @axic can we take discussion to https://ethereum-magicians.org/t/eip-mandatory-security-considerations-for-eips/2839 https://ethereum-magicians.org/t/eip-mandatory-security-considerations-for-eips/2839 @tintinweb you may also want to promote the discussion link and ask people in the security community for +1s, as well as put it on an upcoming AllCoreDevs call agenda |
|
Discussed in All Core Devs call : ethereum/pm#111 (comment) Final consensus is to add the security consideration section to EIP1. |
tintinweb
force-pushed
the
security_considerations
branch
from
f4d5dd7
to
3ac01cc
Compare
|
good to merge. // rebased off master to resolve merge conflict introduced by changing the templates name from |
The link points to ACD#65. Looking at that I do not see any "final consensus" nor decision made. |
I believe the decision was made in the last minutes of the meeting (1:34:12), but may not have been documented properly. Security Consideration is already part of some of the new EIPs: e.g. EIP-1884 |
Just listened to the audio. Nitpicking: I do not hear any explicit consensus, rather just disinterest by nobody saying anything. From the EIP:
However my earlier question was not answered about providing some kind of guidelines. How would an EIP editor decide whether the EIP has an insufficient section? |
|
Hi @axic, We've presented this at the CoreDevs meeting in Berlin this year and finally to the referenced CoreDevs call. There has been plenty of discussions before the meeting, after the meeting, some discussion on eth-magicians (referenced in this issue) with the overall sentiment being positive. The proposal hasn't changed since then.
I believe what I would interpret as "rough consensus" (#1963 (comment)) has been achieved after 1:35:13 with one member saying ship-it (no that wasn't me 😄) followed by an explicit request for comments. No objections were raised. The call was closed. Given that the change does not appear to be very controversial I would assume that this is sufficient, but happy to discuss otherwise.
Security should be one of our core habits and naturally built into our processes and I was wondering why it is not explicit in the current one. Merging this change does not necessarily mean that it should put an extra burden on anyones shoulders - hence the lightweight approach allowing an EIP editor to reject submissions that do not explicitly outline security considerations AND optionally allow to reject submissions based on the EIP editors expertise. This is intentionally vague, based on trust and the EIP editors expertise. Once we learn how this section is being used we all-together will be able to derive more precise instructions for EIP editors and authors. Ideally we would get this in as soon as possible for the sake of manifesting security rather sooner than later as every new submissions that does not explicitly deal with can be a lost chance of preventing potentially severe consequences to our ecosystem. I believe this is something we all agree on.
That said, stating that there was disinterest in building security into our core processes is not something I would sign. Actually, from my experience the opposite is the case. Both app-devs and core-devs care a lot about changes and especially about the impact. Some more explicit than others. This change aims to make it explicit for everyone. Ultimately it is up to the community to decide if it makes sense and naturally I am open to any proposal that allows this to go through more easily or counter arguments why not to have it. cheers, |
|
I don't have time to comprehensively respond, but here's one thing:
and
The EIP editors are not required to have any technical expertise to judge each of these topics. They are merely editors for syntax and formatting. That's why giving no guidelines for the editors may be problematic. |
Alright, got it! Would you suggest to remove the second part of the instruction that implies that EIP's that are not sufficiently dealing with security may be rejected? Here's the controversial part of the change:
|
Having had some time to think about this and here are some comments.
|
|
@tintinweb can you please respond to my last comment? I'd really like to have a resolution on this PR. |
|
@axic sorry for not getting back to you earlier and thank you for your feedback. This is so valuable and highly appreciated 🙌! ad 1. I would want to avoid creating too much of a mess because of this change. If possible I'd suggest to require it from the point on this PR is merged. Even though this might add unwanted complexity it should be fairly easy to add this to a validator script. (Afaik this is also how it's been handled in the RFC process) ad 2. this is excellent and makes it more clear now 👍. I have amended this PR to address your feedback. Let me know if you think it requires further clarification. Thanks! |
|
@Arachnid @Souptacular @gcolvin @nicksavers any opposition merging this? If not, I'll merge on Wednesday. |
|
I'm merging this, since this was discussed on an ACD call months ago and nobody objected here nor on the call. |
* add mandatory "security considerations" to EIP-1 and template EIP-x * security considerations: clarify wording and process * security considerations: update eip-1 * Add updated date to EIP-1 Co-authored-by: Alex Beregszaszi <alex@rtfs.hu>
* add mandatory "security considerations" to EIP-1 and template EIP-x * security considerations: clarify wording and process * security considerations: update eip-1 * Add updated date to EIP-1 Co-authored-by: Alex Beregszaszi <alex@rtfs.hu>
Hi,
As discussed during Eth 1.x Berlin meeting we propose to explicitly build security into the EIP process by adding a mandatory "security considerations" section. This is a follow-up action-item to the meeting as referenced by https://github.com/ethereum-cat-herders/PM/issues/44
process changes:
EIP-1(see templateeip-X.md)relevant discussions:
follow-up
cheers,
tin