Maintainer (achow in this case) should step down if PR really introduced vulnerability
In my opinion, this PR is pretending to fix Lightning vulnerabilities, while in fact it leaves a wide area of attack surface open.
Sadly, you have to be a cross-layer expert to understand this, and I’m not even sure the v3 PR reviewers sufficiently understood what they were reviewing, and I did ostensibly call to test this change more. So it sounds like pure “security theater” in my opinion.
“Gradient” solutions are rarely acceptable in network security, as you’re just increasing the re-deployment costs for any future full and sound mitigation.
I have not seen achow commenting in public on this merge decision.
Overall, calling for achow to step down is disproportionate; achow is one of the most reliable maintainers in my experience. However, having achow explain this merge decision more in the present case would be very welcome.