Wow. I’ve been waiting for this discussion, not because I have any solution but because it seemed inevitable.
From looking over the thread, it seems that there are some parameters that have not been defined.
Most notably, who or what gets to “decide” whether or not an update is accepted. To establish that I think we have to back off and look at who or what can actually hold the “lever of change”.
This roll certainly can’t be in the hands of the End User, as far as I can figure, meaning “the person who uses the network via a Client to access data and communications.”
So then we step back to think about the owner of the resources being donated to the network, the Farmer. The problem here is that, generally, Farmers are just people who have computers. No technical discrimination or even ability to really view what the software running on their machine is, much less the ability to judge what’s going on.
David Irvine has stated in a number of interviews about setting up a sacrificial vault to run a new version in parallel and only be accepted if it performed better than the existing one. So we’re finally discussing the nitty-gritty of what that actually means. This is THE nut to crack if we’re talking about a truly autonomous network. (You mean David doesn’t already have this point solved? Scary thought, actually.)
This all boils down to “What is the mechanism, the switch, that allows vaults to change behavior without being rejected by other vaults?” If a Vault can change behavior without being rejected, then a change in function could propagate through the network.
Is that switch controlled by the logic at the Vault level? Or is it controlled by a cryptographic key applied from an external source? The argument branches depending on the answer to these two questions. So, @BenMS, which is it?