We appreciate the feedback that has been brought up today in this recent article regarding the setup of the EOS BIOS Boot. We would like to take a moment to address it. We encourage and value any and all responsible disclosure of critical security issues.
As per the video titled "The Hooks" posted May 12, 2018, Alexandre clearly explained that this is a setting that should be disabled (or properly proxied if a Block Producer's infrastructure is built to securely manage this) before launch of the mainnet. As mentioned in the video at [4:14], we had left it open to allow for testing needs during this testing phase before launch. We had recommended that these should be disabled.
Following this feedback, this default configuration has been removed from the sample configurations we offered. Many Block Producers are reviewing the code and we highly appreciate that. We would like to re-state that every Block Producer is responsible for their infrastructure and that, as with any software, the default configuration might not be what you need for production environments. We are doing our best to share our knowledge openly and strive to be an active contributor to an open and collaborative community.
EOS Canada is very committed to working alongside Block Producers from across the globe to reach a successful, efficient, and secure launch. We invite more Block Producers to participate in the orchestrated launch by reading through the eos-bios repository documentation and videos.
This afternoon's call was a great example of the antifragility of the EOS community, where the 20 Block Producers present agreed on the course of action to build a stronger and united launch over the coming days. This remarkable collaboration is directly aligned with our values and can only strengthen the global EOS ecosystem.