Proposal 134256.
TLDR: I’m planning to reject. This proposal is asking the community to make unnecessary trust assumptions, allowing anyone with control over the 2igsz-4cjfz-unvfj-s4d3u-ftcdb-6ibug-em6tf-nzm2h-6igks-spdus-rqe principal to bypass the NNS and directly deploy anything to the II subnet.
Allow a principal controlled by the boundary node team to deploy canisters on the uzr34 subnet, which is required to install the rate-limiting and salt sharing canister.
A malicious actor who gains (or has) control over that principal could use this opportunity to action a DOS attack by consuming subnet resources (an expense would be incurred by the attacker - but not an impractically large one). There’s no way to verify the code that will be deployed to this critical subnet.
I trust DFINITY and therefore the 2igsz-4cjfz-unvfj-s4d3u-ftcdb-6ibug-em6tf-nzm2h-6igks-spdus-rqe principal that was announced. However, I do not believe that this trust is something that should be asked of the community (otherwise what’s the NNS for in the first place?).
Presumably the missing verifiability functionality has not been prioritised because voters have been willing to offer their trust for matters such as this so far. By rejecting this proposal I hope to keep visibility on the lack of this functionality.