So lets say we achieve this and some developers develop the next big feature of SAFE. It goes through the SAFE network like a dose of salts and everyone is happy at the new feature.
But what if some other “evil” developer develops a new feature that looks terrific but is in fact a privacy and/or security breaker and introduces it the same as the “good” upgrade. The code shows no backdoors etc but hidden is a timebomb, also a upgrade breaker
How does the system tell the difference? Does the upgrade have to be “signed off” by noted developers who are trusted???
If introducing external upgrades automatically to the network as per the good developers develop new feature, then bad upgrades can be also done this way, unless there is some authorising method??
Your thoughts?