onflow · turbolent · Nov 15, 2023 · Nov 15, 2023
@@ -0,0 +1,120 @@
+
+# Nov 15th, 2023
+
+## FLIPs
+
+### 179: Staged Contract Updates
+
+* FLIP: [https://github.com/onflow/flips/pull/179](https://github.com/onflow/flips/pull/179)
+
+* Overview:
+
+    * Contract mechanism to define contract update deployments and execute updates in stages at/beyond a block height. Execution can also be delegated to a third party via Capabilities
+
+* Status:
+
+    * Approved
+
+### 217: New behavior for attachments with entitlements
+
+* FLIP: [https://github.com/onflow/flips/pull/213](https://github.com/onflow/flips/pull/213)
+
+* Overview:
+
+    * Current attachment feature, requiring entitlements, allows third-parties to "sneak in" permissions into the base value
+
+    * Proposal removes entitlement requirements, entitlements are derived from reference on base
+
+    * Simple compromise
+
+    * Tradeoff between power and safety. Only use-case that is no longer possible is read-escalation
+
+* Status:
+
+    * "Audit" from security researcher
+
+    * No open problems, proposal is complete and looking for feedback
+
+* Next Steps:
+
+    * Accept unless there is no further feedback until end of next week
+
+## Other
+
+### Cadence 1.0 feedback
+
+* Austin reached out to community, asked for awareness
+
+    * Very little awareness
+
+    * Surprise of breaking changes
+
+    * Breaking changes are not that big of a deal
+
+    * But fact of breaking is scary
+
+* Going to talk to top 20 projects, with Andrea and Albert
+
+    * Awareness
+
+    * Get feedback
+
+    * Support
+
+* Have not "advertised" it much so far
+
+* With rollout plan and environments, tools, etc. "ready", more announcements
+
+* Cadence 1.0 hackathon? (both projects and bug hunting / bug bash)
+
+    * Example: OpenSea Sea Port bug bash
+
+* Cadence 1.0 office hours
+
+* Incentivize update?
+
+* Blackout periods? Awareness through disruption
+
+    * TN
+
+    * How to even do that on MN? Downtime would be brutal
+
+        * Maybe depend on update staged?
+
+* How to amplify message?
+
+    * In tooling like CLI, Emulator, etc.
+
+    * In tools/projects like Flowdiver
+
+    * On Website
+
+* Should not hide / make it very clear that this release is breaking
+
+    * But also explain why the breaking changes are made (security, features, locked down contracts, etc.)
+
+### Cadence 1.0 migration plan
+
+* Had breakout session
+
+* Use Sandboxnet, clean network
+
+    * Run pre-1.0 for a while, allow community to seed the environment with contracts and data
+
+    * Then switch over
+
+* Is a clean Sandboxnet with 1.0 adding much value over Emulator?
+
+    * Not really? For most developers Emulator is enough
+
+    * Some developers don’t bother with the Emulator, go directly to TN
+
+    * Some projects are relying on other projects (e.g FIND on FLOAT)
+
+        * Difficult to have all dependencies deployed themselves in e.g. Emulator or even SN
+
+    * Bringing up clean SN is not much effort
+
+    * Bringing up SN from TN state is a lot of effort
+
+    * "Seeding-period SN" solution good tradeoff