> But what if that system is now affecting many other people, or the entire planet in a significant way? Should they have some voice over that?
This is an important point you are making. What you must recognize is that they absolutely can have some voice over that.
Just as we can write software (or smart contracts) that allow no one to update and fix such issues. We can write software that allows one person to do it. Or we can lock the ability behind a multisig, requiring a majority of the software's developers to do so. Still not good enough for the use case due to far-reaching trust ramifications? Then we write code that delegates the ability to trigger such an update to the entire userbase of the application.
In the world of contract platforms, you have to keep in mind that contracts and the tools that you can build with them are primitives. They are composable. There is no problem in building a DAO to control the ability to update a contract (or trigger arbitrary functions to remedy critical situations caused by unexpected and undesired state changes). This is already done in practice in various applications--and sometimes with undesirable outcomes! Of course, these are still experimental times and lessons are still being learned.
This is an important point you are making. What you must recognize is that they absolutely can have some voice over that.
Just as we can write software (or smart contracts) that allow no one to update and fix such issues. We can write software that allows one person to do it. Or we can lock the ability behind a multisig, requiring a majority of the software's developers to do so. Still not good enough for the use case due to far-reaching trust ramifications? Then we write code that delegates the ability to trigger such an update to the entire userbase of the application.
In the world of contract platforms, you have to keep in mind that contracts and the tools that you can build with them are primitives. They are composable. There is no problem in building a DAO to control the ability to update a contract (or trigger arbitrary functions to remedy critical situations caused by unexpected and undesired state changes). This is already done in practice in various applications--and sometimes with undesirable outcomes! Of course, these are still experimental times and lessons are still being learned.