That's probably the only possible way. Fork from the previous version without the controversial change and cherry-pick the security patch into it.
It's just that this might not be so easy, depending on where in the code both changes were made.  
 This is somewhat of a weak spot, in my mind... 

Consider a controversial update to Bitcoin Core, about which many node runners are on the fence, with respect to upgrading...

All it would take would be for a fake-news headline, claiming there to be a vulnerability (that didn't actually exist), and a large swath of on-the-fence users would panic-upgrade, to the controversial latest release....
Could be. On the other side: If the update is really so controversial, then there would also be a lot of other people who were against this update. And then there would probably also be some people who have the means and abilities to fork a Bitcoin version without that update.