geigerzaehler
commented
4 years ago This may be possible with the sudo pallet, but if not, at least it will be a good base for alterations.
We should avoid the sudo pallet. It allows a valid author to impersonate any user. Instead we should provide only a dedicated message that updates the runtime code.
The runtime updates are possible with only one privileged key: the one set in sudo pallet.
We need to be able to require signatures from an arbitrary number of keys from a set of privileged keys.
This may be possible with the sudo pallet, but if not, at least it will be a good base for alterations.
This is a temporary trust improvement, the end goal will probably be making the network self-governing.