Thanks Steven for introducing this subject.
This is indeed a really compelling question if the community of bitcoin technical experts is in measure or not to reach consensus on covenants. Even if I disagree with a lot of the positions asserted within, this is always valuable to have that kind of conversation with the most dispassionate and disinterested minds.
First and foremost, I strong believe we should abstain ourselves to use expressions like “we as a community felt”, who is we ? who is that community ? and if you go to read any treatise on psychology, biological emotions and as such expressing “feelings” is one of the most subjective experience that one can have as a human being. The domain of subjective psychology is not necessarily the most compelling lexical fields when you have to argue on objective criterias for an audience who is geographically spread around the world.
Secondly, I strongly also believe we should abstain ourselves to use expressions like "Bitcoin soft-forks are clearly a unique technical and political challenge,”.
As said in reply to James on the mailing list which is still pending moderation, science and engineering != politics. The old bitcoin motto is "Vires in numeris”, which for the ones less used with Latin means “Trust the Numbers”, i.e all the cryptographic assumptions backing Bitcoin as a protocol and a network (Discreet Log problem, preimage-collision resistance for SHA256, Hashcash as a cryptographic protocol, etc).
That changing the Bitcoin consensus involves discussions, arguments and palavers with other human beings, yes this is a reality and otherwise there would be no one else with whom you could exchange few scarce sats of your stack. However, this is a social activity, e.g like a group of people who would play the different instruments of a musical orchestra, but it’s not a political activity, as it’s understood in humanities (e.g in postmodern theories, science has always been a unique object of its own).
If my memory is correct, myself I’ve only used the “political” adjectives 2 in my more than half-a-decade Bitcoin career, and the 2 times it was to denounce the kind of horse-trading show we often see on bitcoin core, where contributor A goes to review PR #1 in exchange of another contributor B going to review PR #2 (— they mutually benefit of merged PRs for their funding renewal, afterall…), under all very questionable technical criteria. Horse-trading show more or less documented in IETF RFC 7282, pointing this is not technically sound "rough consensus”.
Of course, that historically in Bitcoin some people involved at the crux of the development process of bitcoind, the original client, have tacken at times, or been deliberately ambiguous with trying to establish any sound guidelines, while at the same time having massive commercial interests on a specific technical outcome has been seriously detrimental for the credibility of the process of consensus changes.
Let’s remember the example of Blockstream, where folks have gone to raise venture capitals for $21M, publishing a sidechain with a proposed Bitcoin Script (e.g OP_SIDECHAINPROOFVERIFY) while the names on the paper had work experience with Mozilla and few other non-profits. At Mozilla, the Foundation is dissociated from Mozilla Corporation, and this was already true at the time in 2014.
I don’t remember that Satoshi ever announced the venture capitalist funding of the Bitcoin whitepaper on TechCrunch.
Instead the Blockstream people (Sipa, Gmax, Adam Back, Austin Hill), especially the engineers could have instead focus their time nurturing initiatives like Bitcoin Optech and its online-ressources and in-person workshops, or ensuring the old bitcoin mailing list hosted by the Linux foundation was moderated on neutral grounds, or building up on the work of Amir Taaki in maintaining the BIPs. All community activities building bridges in matters of consensus changes…
But no what we had instead is a kick-out of Gavin Andresen of its maintenance rights in 2016 (cf. laanwj’s blog post). Gavin Andresen and Mike Hearn, whatever all others judgements we can have on them, were technical builders and building communities. Somehow it turns out that Mike Hearn’s bitcoinj micropayment channels, which was Satoshi’s idea and of which the Lightning Network is only a sophisticated iteration, is what is certainly the most decentralized used second-layers, compared to “federated” side-chains.
All that said I wasn’t active in Bitcoin protocol development during the early days of the Block Size War. I wasn’t in Blockstream folks shoes and I might judge them harshly retrospectively without all the facts in mind. However, as said the adage "Error humanum est, perseverare diabolicum”.
So I understood Jeremy’s “hot take” at the time of CTV 1st activation attempt in 2022 when he was jooking on one of his blog post (I can’t remind which one exactly…) that current Bitcoin consensus change is like getting the blessing of a “Grey Beards Committee”. One thing about unaccountable committee, you’ll always find people to join them and do nothing, just here to take the periodic financial reward associated with the committed seat…
Thirdly, saying proposal OP_MNO or proposal OP_IJK has “funding”, be it for-profit, non-profit, commercial venture, whatever is very short-sighted. Bitcoin as a protocol is first a complex scientific endeavor and let reminds Theranos in matters of results on a highly-funded, scientifically deficient venture (cf. Theranos wikipedia page). W.r.t to non-profit sources of funding which can be driven with a more scientific perspective, if we exclude Jeremy the only independent names I’m aware off I’ve never contributed to bitcoin script code, themselves, even less on covenants, as far as I can remember.
Fourthly, on the statement that “while the opcodes in question are well-studied so the risk of unforeseen side-effects is small”, this is factually wrong.
As Gleb Naumenko researched in the past and I pointed out this research on the mailing list, extending the bitcoin script can break the current UTXO model and enable to have tx-withhold risks of time-sensitive transactions.
Here the blog post, drawing from Ethereum academic literature actually:
To put it plainly, an attacker could (1) set a tx-withhold UTXO with a time-sensitive txid and (2) have this UTXO paying out miners for each block or sequence of blocks the txid is not confirmed in the UTXO set and (3) double-spend the funding UTXO of a LN channel as “honest” lightning transactions have been withheld.
Fifthly, CheckTemplateVerify and its iterations has been around since more than ~6 years, it has been broken few times at least there was a change to integrate input in the template to avoid "half-spend” issues, as Gmax pointed out. Very strict template is easier to reason on if it does enable some kind of change in the UTXO model.
Sixthly, for the Taproot there was an extended evaluation phase, with more than ~ 2 years and half between the proposition of BIP116 (OP_MERKLEBRANCHVERIFY) and BIP117 (Tail Call Execution Semantics), the original Taproot proposition in 2018 and the open-to-all on IRC review process over a span of weeks. This does not make Taproot perfect, as few people noticed after the code was merged for payment pools, there was no commitment to the script-path internal pubkey oddness in the control block c. Everyone is free to come to point out defects that could arise from Taproot consensus code, existing consensus code even made for Satoshi has its own issue, as the dummy element for OP_CHECKMULTISIG taught it.
Seventhly, on the “Is it working perfectly and should it only be changed if its security is endangered?”. See the point above about tx-withholding risk and the "half-spend” issue that was found in the past about CTV. If bringing covenants in bitcoin is a real security risk, we should do no soft-fork, or delay until they have been more studied. Personally, if bitcoin dies next week, I’m lucky to have access to a wide range of other options to preserve my financial autonomy, even better than the average fiat billionaire.
This is not the case of a lot of people in war zones, in developing countries or who cannot access the mainstream 24 / 7 banking system because they are discriminated due to a social factor (e.g they have an exotic name), etc. Bitcoin is an alternative for the ones who need it.
edited: to correct my own english and add missing link.