Yeah, you are right. I didn’t want to explicitly add it to the post to avoid extending the scope of it (and avoid thinking about this stuff haha)
If we are assuming receive logics distributed semi-privately, anyone can detect misbehaviour. Perhaps, there are might be services for that the user trusts.
There is a long-term benefit in that (the sender still cannot use just any logic, only an outdated one).
Perhaps another solution based on some key hierarchy (where any signature signed by key X is okay, but if we want to update the logic, we update the key as well) could make sense, but I didn’t explore that much.