Recently a big snafu was made about changes to the BIP 85 repository. For those not familiar with the BIP, it's a very simple scheme to allow generating new word seeds from a derivation path in a pre-existing word seed that you have. The logic of the BIP is to enable people who utilize multiple wallets to manage the chaos of having to maintain individual isolated backups for numerous wallets.
By generating new seeds based on the entropy of a derivation path, users can simply make a single backup of one “master” word seed, and from there be able to regenerate any child seed from that master one. One backup, and you can have as many independent word seeds as you need. They are even safe to transport around, import into different devices or wallets, and have zero risk of putting the master seed or any coins stored on it at risk.
There is cryptographically no way to go backwards from a child seed to the master seed, even if it were compromised. This design makes it very safe to utilize multiple independent seeds/wallets, while streamlining the process of backups to safeguard against loss.
The BIP was updated to follow a pull request suggestion clarifying numerous things, but the key alteration was a change to how the actual child keys were generated, ostensibly to follow the specification in BIP 32 (which details how to generate keys using derivation paths in HD wallets) which BIP 85 did not do strictly. This would have resulted in the same BIP 85 paths generating different keys than they did under the current specification. This is a breaking change.
If it had been implemented in the new specification by any project, it would not properly generate any old BIP 85 seeds that users had already generated and sent money to. This would mean those funds would be “lost” in the sense that the update wallets would no longer correctly generate keys to get people's money if they had lost a copy of the previously generated seed.
The reality is though, that no wallet would have implemented that feature, or if they did, they would have done so in a way to support both methods, because they already have users in the world that have generated seeds using the old specification. Wallets and device makers would not introduce a change that would just break users ability to recover existing funds, it's just not in their best interest.
All this incident demonstrated is a lack of communication, nothing more. There was no real risk of anything ripping out to create real world consequences that would have affected users. Projects implementing BIP 85 made no changes, nothing happened except a technical document was changed. It was even reverted to remove the change immediately after public backlash against the nature of the change, and lack of communication between developers and projects actually implementing the BIP.
People need to stop blowing up communication failures like this, that have no real consequences, as instances of nefarious intent, or a profound failure of competence. It was simply a mistake, one that can be learned from by improving communication between developers and project maintainers going forward, that caused no real harm to anyone.
Blowing up molehills into mountains like this serves no one in this space, and does nothing to improve real problems with communication and coordination in the space. Properly contextualizing in a productive civil way so that people can learn is how to handle these things.
Full story here: