You are viewing a single comment's thread from:
RE: Do forks with fallback - my HF21 wish
I understand that the witnesses are auditing the code themselves but perhaps there should be some professional auditors that independently do that part of the job as well as professional testers on the testnet. In my limited experience testing for Nokia, there was a reason they outsourced it to us and it wasn't price.
There is a certain confidence blindness in coders as well as when it is a tight knit group, a certain amount of social consensus even though there might be misgivings from individuals. This also could highlight a need to spread the top 20 to the top 20 core and the next 20 with all responsible for audit.
It would be more expensive but less so than continually being forced to rollback because of oversights.
I would hope our witnesses would be professionals, after all, it is a paying job, by that definition they are professionals our should conduct themselves as such.
there is a difference between professional coder and code auditor though and often a difference in the way they look at the code. Having it independent also means that they aren't coloured by social dynamics or any particular outcomes. It is their job to find errors, not make sure it works and that often takes a different set of eyes.
Interesting. Do you know if other blockchains use this "service".
No idea but auditing code is common practice in most tech industries (it is a boring job) as it is like looking for spelling mistakes in a text. The testing I did was localisation for languages and it doubled as test service that ran specific test cases to look for errors.
Here, it might not even have to be as formal but I wonder how many witnesses fully audited it considering it had so many massive issues and then, in a couple weeks, how much of the testnet could be thoroughly tested. From my limited understanding, there is a fair bit of complexity and a lot of things that can easily be overlooked so, having fresh 'less' biased eyes limits risk a bit further.
Yeah, I hear you. I've heard many witnesses suggest they don't even try to audit the code. It is frightening. :)
Quantstamp audits blockchain code for tokens. Presumably they have some clients. They might not be able to do it for STEEM since we aren't an ERC20, but where there is one, there may be others who are more broadly focused.
Interesting and interesting further discussion. I like this idea. The problem is in payments I think. Witnesses are incentivized to witness, but who incentivizes the testers?
Maybe Utopian could step forward to lead that, in collaboration with another group, even Stinc