Releasing spammy was the toughest decision I’ve made while working in cosmos.
I think that the release is the lowest risk approach for all because I don’t think we would get to a fix otherwise. Releasing it ensures that everyone is able to contribute to the fix and have a full understanding of the issue. Frankly, I think we likely should have been releasing all of it from the start, because that allows others to check the work with ease.
Since we are not in control of repositories or a foundation treasury, there’s really no way for us to mandate anything.
Opinions on the severity of Spammy have varied dramatically, to the degree that keeping information close has been demonstrably harmful to reaching a fix.
So, why release?
- Everybody can be on the same page about capabilities
- Security doesn’t meaningfully change due to prior release of info
- The issue has recently been seen in the wild on the hub and osmosis
- others can weigh in on weather there is actually an issue at all
We are a decentralized and open source ecosystem, and it is quite possible that now that we are once again working in open source, everyone will be able to reason about the information in the reports and also be able to see the mechanism used.
I saw more and more information being released over time, and I felt that the denials were increasing risk.
So, the repository is now open so that different people and teams can collaborate fluidly on reaching a solution.
thanks to everyone who helped
-Jacob