This means having some people do security reviews – which might mean engaging external auditors. But it also means communication around the Core EIP proposals that are effectively Last Call, but focused on security issues. Pay attention, have a look: does this impact your current or future use cases?
I’ve suggested 2019-06-21 (June 21st); this is halfway between the hard deadline for proposals and the soft deadline for major client implementations.
It is a very good idea. However, I would invite you to think about this a bit more. Giving extra time will not necessarily result in more reviews, as we have seen historically.
As I suggested in the final part of my Eth1x workshop blog posts, we may need to more “formally” appoint a reviewer (or two) for each change. Otherwise the time will drag on, and review will only happen just before the hard fork (and it does nowadays).
Rather - a defined review period time where the specific purpose is security.
I also think we have to find funding to pay people for reviews. If people volunteer to do reviews as well — great! But I don’t think we can count on it.
Having people sign up to focus on reviewing all aspects of a change is definitely a good idea.