An attacker can flood network with new relays to make us stop using bwauth weights
The bwauths don't write out any opinions if they have stats on less than some fraction (60%) of the relays.
So an attacker could induce this result by signing up n new relays to go with the n current relays, causing all the bwauths to stop outputting opinions.
In the current case that means we default to using the values in the relay descriptors. Inefficient but not so bad.
In the future case (once we merge #2286 (moved)), it means we default to capping all new relays to a low number until the bwauths catch up again.
Authorities are willing to use the last published opinions file for 3 days before they give up on it.
Is this a stable enough defense? During the flood the already-established relays would continue to have the most recent bwauth weights, and the bwauths have 3 days to catch up. Sounds plausible, but I'd like a few more opinions.