Proposal to elect new release rc--2024-05-09_23-02

Actually the privacy concerns apply even more for the system subnets. For instance, on the internet identity subnet a malicious actor could examine canister heap and make some analysis and guesses about the authentication of some user accounts. It’s not extremely dangerous but it wouldn’t be desirable either. Internet identity is used on many other canisters and subnets so I suppose a fair amount of data could be mined.

For the nns subnet, one could be concerned about the neuron info. Again not overly concerning, but it’s a risk.

What’s being discussed now as potential strategic activities is automatical subnet rollback in case an upgrade fails, and maybe read only (canary) nodes that could be upgraded to the new version before the rest of the subnet. Both approaches have pros and cons and both have development cost, so we’ll have to carefully evaluate them, considering other high priority development that engineers are working on.

3 Likes