PIP-22: Multisigs rotations framework update

I’m still puzzled as to why the bottom 4 has to leave whatever happens? Can’t it be bottom 2? Or even none? Here it means we have to find 4 new signers every six months. This sounds absurd (talking about Option 2). I am personally against Option 1, but Option 2 sounds even worse…

How did we get to this

You were the one who proposed it…

Glad to you paraphrase. Now here is your interpretation

There was no mention of kicking everyone.

Your counter proposal wasn’t that detailed, and what’s the point of it if we’re not kicking inactive signers?

Feel free to reformulate your suggestion properly & I’ll repost if needed

First of all, snapshot proposals are not editable.
Second of all, I am trying to say that kicking for the sake of kicking doesn’t make sense.

Bottom 4 are not necessarily inactive. What if we have 8 good signers ? Do we kick 3 just for the sake of kicking? So we have to pray the new 4 are as good.

Asking for bottom 4 to be re-elected would be better no? If you really want to kick people, maybe the bottom one?

I can delete & repost since you’re saying it’s incorrect.

It’s not, especially not in option 1 which evaluates every signer on the full period & removes the bad ones.

They are quite often these days, but sure not always, and luckily.

As answered the first time you asked, if we find a committee so perfect that no one should leave, we can just update the framework with a PIP but seems unlikely.

So your proposal is keep top 4, middle 4 recandidate, and bottom one is kicked ?

Yes it is. Thank you

Ok so very similar to Option 1, except it doesn’t fit our current needs since you said yourself not later than today in msig chat that 2 should be kicked for sure, or am I missing something?

I give up. Please leave the proposal as is. Each interaction is obviously a loss of time and energy here.

I’m sorry, what ?
Trying my best to understand your point here.

I come a bit late, but while I agree we need to find the most efficient team to manage community multisigs, I have some concerns:

Missing context

This proposal aims to change a system that few people outside of the actual signers are aware of.
It would have been nice to have detailed statistics on the % of tx signed for each signer, the number of tx created, the average time a tx takes to be signed+executed, …

Rotation

As others said before, I don’t think allowing more than half of signers to be changed at once is a good idea, as it can lead to a takeover. Even if it’s very unlikely to happen, I’d prefer it to be impossible.

Ranking

Let’s say the 3rd and 4th have the same sign rate, what happens? Both need to re-candidate?
Is it the same procedure with the 7th and 8th?

System limits

This rotation system needs to be limited in case the “perfect enough team” has been found. If some/all sign rates are close to 100%, let’s say over 80%, I don’t think it would be wise to “kick” someone, just because he missed a few txs.

What happens if no one wants to replace the signer being kicked? Do we operate a MS with fewer signers?
If the technical profile is being kicked and not replaced, will the other signers be able to execute all the transactions?

Application

When do you plan to start this rotation?

Overall I think a rotation system is a good idea, but this proposal is missing a lot of key points.


To answer some of the points I propose a 3rd option

At every period the committee will:

  • Post a short recap of the period ms activities and a ranking of the signers based on their sign rate (and time to sign ?)
  • Call for new signers

After those steps the community will vote how many signers are “at risk” and should re-candidate, starting from the bottom of the list.
By default only 3 signers can be replaced at once, with the possibility to increase to 4 in case we have a lot of applications.
Then a vote will be cast to replace missing seats.
Note: signers wishing to quit will be at the end of the ranking

3 Likes

Gn, thanks for the detailed feedback!

Considering it’s now clear that a consensus hasn’t been reached on this post despite being live for discussion for two weeks, I deleted the snapshot posted earlier so we can adjust with the right options.

Indeed, very good point. I calculated these before doing this proposal & was aiming to post it once updated to date in the next PIP, but I can share the draft here to give an idea (I did that on January 10, so results might be different now): PIP-XX: Multisigs Signers Rotation - Google Docs

Also I didn’t post it because it follows the methodology proposed in this PIP, so I was waiting to see if it was approved.

I get it, so you’re saying that there should never be more than 4 switches at the same time, right?
In this case it can be added as a rule in Option 1, which aims to rotate only 3 or 4, but had the possibility to change up to 6 in the event where there were 3 bad signers & 3 that want to leave, or 4 bad & 2 that want to leave, which I agree can be risky even if highly unlikely.

Adding this rule could mean that if there are 4 bad signers, no one can resign (in theory, as you can’t force ppl, but they would just be inactive). & if there are 3 bad signers, only one can resign.

This prevents any possibility of takeover since the multisig requires 5 signers.

For which option? Again it is highly unlikely that delegates have the exact same rate up to decimals, so there is always a way.

In option 1, only the 4th would need to recandidate (and would most likely be reelected); in option 2 he would be kept, if I understood right, since the goal was keep 4, recandidate 4, kick 1.

For 7th/8th, it’s mentioned in the proposal above for option 1, & both need to recandidate in option two ig.

Agree, and as mentioned twice above, if this is found we can update the framework with a PIP.

Iirc what was suggested since you can’t force ppl to participate, it would be to ask active signers to be more active, to compensate the ones that wanted to leave but couldn’t yet.

The proposal was saying that there should always be a core team member with technical profile so it would not be kicked if there are no others.

As for ability to create the transactions, I’m launching a good part of it, not all but shouldn’t be too complex so if explained any signer could do it.

As soon as this PIP was approved, as mentioned in the post (before means section)

Yes of course, that’s the goal for every rotation proposal as done in the gdoc.

This joins the rule I mentioned above in this comment, which can be implemented in option 1 without issue so no need to over complicate, we can even probably reduce to one option if we all agree on the above.

Thanks again for the detailed msg, appreciated.

Seeing how the participation %age is calculated in your doc, there is a flaw, as this way of calculating the participation of signers will never bring a potential “best” signing team with 9 active signers, simply for the reason that 99% of the time we only sign the tx to reach the 5 signature threshold, and do not oversign them.
Which means that in a case where, on 100 txs, all signers participate in a best case scenario, we’d have all Signers around a 55% participation, which would not reflect how efficient each Signer would be.
Instead, we can consider a score based on what percentage each Signer signed vs the top Signer’s number of signatures. So if the best Signer signs 50 txs, and the 2nd one signs 45, his score should be 90%, and if the 3rd one has 45, his score should be 84%.
That way, in a case where we find a configuration of Signers that is balanced enough and active around all timeslots we need, this scoring logic should show a good score for Signers, allowing us to demonstrate the configuration is optimal for the moment, and prevent having to kick/re-elect and risk the possibility of replacing an active signer by one less active.

Not sure I understand why the calculation method is incorrect:
I took the total amount of txs executed over the period, extracted the total of transaction signed per signer & calculated the % of tx signed for each based on the total.

Ofc we don’t oversign but it’s normal, this way of calculating just takes into account who were the most reactive signers. I guess if there were really 9 active signers & all were at the same % it would mean that we’d never get stuck, but not sure if it can happen in practice.

I get it & see it as another method to calculate it but i think both are ok, and as I was curious about the results I just checked (if I understood it properly):

It gives pretty similar results but not exactly the same, probably because it assumes that the amount of tx of the first signer is 100% (which is not true) and which creates a small difference as we can see here:

So overall I think both methods are fine but I don’t think mine is wrong (or maybe I misunderstand something which is totally possible)

Didn’t mean to call it wrong, just meant to say it would be the wrong way to estimate a real efficiency in Signers.
And ofc there is no miracle solution for this, but yeah we can use both calculation methods, as they would give a similar result in scenarios like this one where a few signers are much more active than a few other ones, but might bring other interesting results in scenarios where Signers’ activity is more evenly distributed.

Not sure actually, because if I got it right the only difference between the two methods is that:

  • Mine calculates the signing rate based on the exact amount of transactions executed by the committee
  • Yours calculates the signing rate based on the amount of tx signed by the 1st signer, so it assumes that he is 100% when it will always be less, which creates a small difference

But I also checked with a distribution of the same signing rate for each (50%) so perfectly evened. Since your method assumes the first is 100%, if he has 50% actual signing rate over the total executed (which is really bad for the best one), then all others will just assume 50% of tx signed is the total & so they will all be at 100%.

So overall might be your method that would prevent from finding the perfect signers set if things are more balanced no ? Even if in theory it’s not possible that all signers sign the same amount of txs since we’re not oversigning

well, the method I proposed is aimed to show a set of Signers that have a balanced enough participation rate between all Signers. Coupled with the basic %age of total txs calculation method, it should show how effective a set of voters is during a given period, and would also allow to see the effectiveness of Signers between themselves in another scenario:
→ the case where 1 Signer out of the 9 is overly active (for example creating all the txs, so sure to be counted as signer on each tx for the period we observe), but the other 8 are evenly active between themselves, they would show a lower %age of participation on the global number of txs (~50% participation for each, and ofc 100% for the lead tx creator), but by excluding the Signer that was the tx creator for the period, the calculation method would show the 8 other signers were evenly active between themselves, and would present an “optimal enough” set of Signers (ofc based on the overall activity and responsiveness too).

But since the basis of the calculation is an assumed (and wrong) data point, being that the first signer has 100% signing rate even if he has 50% effectively, all others will be at 100% with this method even if they are all at 50% effectively, and that’s the same with any effective %.

Since the first one is biased, all others are too. If effective rates are highly unbalanced, your method shows a small difference. But the more it gets balanced, the more it’s away from the effective data from my understanding.

It depends, do we want a set where some Signers have the closest possible to 100% of participation on all txs, meaning some other Signers are close to non-active, and when the highly active Signers aren’t available, everything gets stuck (like we experienced lately)?
Or do we want a set of Signers where there is no subset highly active, but rather a full set of 9 that is evenly active (and potentially with small reaction time), meaning all needed transactions can be passed at any needed time of the day or week, even if some are fully unavailable?

My calculation method, and the example I gave after, is aimed to find that 2nd type of Signer set, which is imo the most efficient one we could have

That sounds highly theoretical and very complex to achieve imo, but it would be ideal for sure.

I do believe we need a lead (& potentially a co lead) in charge of managing most of the txs, and in this case it’s impossible that all are evenly active (but that’s a topic for another proposal imo).

It will always take more time to the people(s) that are creating the transactions rather than the ones verifying & signing it, and it will never happen that everyone creates tx, most signers are passive on this front.
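
The two signing-rate calculations compared in this thread, run side by side as an added example that is not part of any participant's post or of the PIP's Google Doc. The signer names and signature counts are constructed; the 5-signature threshold and 9 signers come from the thread.

```python
"""Added example: constructed counts, not figures from the PIP or its doc."""

THRESHOLD = 5   # signatures needed to execute a tx, per the thread
EXECUTED = 100  # constructed: 100 executed txs = 500 signatures in total

def share_of_executed(signed, executed=EXECUTED):
    """Method 1: signatures by each signer / transactions executed."""
    return {s: round(100 * n / executed, 1) for s, n in signed.items()}

def relative_to_top(signed):
    """Method 2: signatures by each signer / signatures by the top signer."""
    top = max(signed.values())
    return {s: round(100 * n / top, 1) for s, n in signed.items()}

def max_even_share(signers, threshold=THRESHOLD):
    """Ceiling of method 1 when work is spread evenly and nobody oversigns."""
    return round(100 * threshold / signers, 1)

def ranking(scores):
    """Signers from highest to lowest score (ties keep input order)."""
    return sorted(scores, key=scores.get, reverse=True)

# Constructed sample periods (hypothetical signers s1..s9).
UNBALANCED = {"s1": 95, "s2": 90, "s3": 85, "s4": 80, "s5": 70,
              "s6": 40, "s7": 25, "s8": 10, "s9": 5}
BALANCED = {"s1": 56, "s2": 56, "s3": 56, "s4": 56, "s5": 56,
            "s6": 55, "s7": 55, "s8": 55, "s9": 55}

def compare(signed, executed=EXECUTED):
    """Return {signer: (method 1 %, method 2 %)} for one period."""
    if sum(signed.values()) != executed * THRESHOLD:
        raise ValueError("counts do not match threshold-only signing")
    m1, m2 = share_of_executed(signed, executed), relative_to_top(signed)
    return {s: (m1[s], m2[s]) for s in signed}

if __name__ == "__main__":
    for name, data in (("unbalanced", UNBALANCED), ("balanced", BALANCED)):
        print(name)
        for signer, (m1, m2) in compare(data).items():
            print(f"  {signer}: of executed {m1:5.1f}%   vs top {m2:5.1f}%")
    print("even-split ceiling for method 1:", max_even_share(9), "%")
```

Method 2 is method 1 multiplied by a constant (executed txs divided by the top signer's count), so the two always rank signers identically; they only diverge when a fixed cut-off such as "over 80%" is applied to the score.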