Sandblasting & NU5 Retrospectives

During the next few 21:00 UTC slot Arborist calls (starting on 30th November), we will conduct a retrospective of the Sandblasting attack and NU5.

The list of topics we want to cover includes:

  • Sandblast attack post-mortem - 30th November
    • Specifics of the attack (phase 1: sapling/orchard, and phase 2: dust)
    • Our response to long-running attacks
      • Who is responsible for responding to attacks?
      • Who is responsible for monitoring the network?
    • How to avoid similar issues in the future
      • Links to tech debt discussion
      • e.g. Red team?
  • NU5 Timeline
    • How timelines were changed
    • Different expectations of different teams
  • NU5 Scope
    • Complexity budgets & emergent complexity
    • Pre-activation & post-activation work
  • How we deal with tech debt
  • External constraints
  • Meta / cross-discipline issues
    • Effects of the sandblasting attack on NU5

If you have suggestions for other topics we should cover as part of this process, or have any relevant data you want to share, please post it here!


The Bootstrap board has notified the ZF board that ECC/Bootstrap will not be participating in the planned retrospective discussion at this week’s Arborist call, and that they wish to schedule a separate call with independent moderators/facilitators.