by kmeisthax 1406 days ago
Consensus compatibility is nice, but Bitcoin has a unique problem: those old signatures own coins. Phasing out a signature algorithm means confiscating the coins in question, as the rightful owner will no longer be able to spend them. Leaving them open would just let private actors break wallets to confiscate the coins themselves, with the added bonus that burnt or lost coins could be recovered, effectively increasing the supply of coins on the market. And Bitcoin has a lot of early-adopter money supply locked up behind dead hard drives - it would crash the market.

Other systems that use ECDSA don't have this problem because they rely on CAs and central authorities. For things like, say, the TLS PKI, if you miss the flag date to change ciphers you aren't forever locked out of your domain. Your site just goes down until you bother to upgrade your servers and rotate keys.

Is there any known/stated policy as to how to handle phasing out a signature algorithm in Bitcoin?


No idea, but I could imagine something where you have a period of time on the chain where both signature types are allowed, and people can just migrate their coins by transferring from the old wallet to one based on the new signature system. Then after a certain cutoff, the chain can phase out the old signature system entirely.

Of course this only works if the old system is just "weak" rather than "broken". There is no way to recover if the signature system is completely broken, but if ECDSA is broken then we have more to worry about than just Bitcoins.
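A toy model of the migration window described in the comment above, added here as an illustration and not code from the thread or from Bitcoin itself. Coins carry a constructed "old"/"new" scheme tag standing in for the script type that guards them; the heights, owners, amounts and the lost-key flag are all made up.

```python
"""Model of a signature-scheme phase-out on a UTXO-style chain.

Consensus rule being modelled: before the cutoff height, spends under
either scheme validate, so owners can migrate by moving coins to a
new-scheme output. From the cutoff on, only new-scheme spends validate.
"""
from dataclasses import dataclass

OLD, NEW = "old", "new"


@dataclass(frozen=True)
class Coin:
    owner: str
    amount: float
    scheme: str
    key_available: bool  # False models a key lost with a dead drive


def spend_allowed(coin: Coin, height: int, cutoff: int) -> bool:
    """Validation rule: old-scheme spends are valid only before cutoff."""
    if not coin.key_available:
        return False
    if coin.scheme == OLD:
        return height < cutoff
    return True


def migrate(coins, movers, height, cutoff):
    """Owners in `movers` send their old-scheme coins to new-scheme outputs.
    The migration is itself a spend, so it must validate at `height`."""
    out = []
    for c in coins:
        if c.scheme == OLD and c.owner in movers and spend_allowed(c, height, cutoff):
            out.append(Coin(c.owner, c.amount, NEW, c.key_available))
        else:
            out.append(c)
    return out


def frozen_supply(coins, height, cutoff):
    """Total value that cannot move at `height`, whatever the reason."""
    return sum(c.amount for c in coins if not spend_allowed(c, height, cutoff))


def stranded_by_cutoff(coins, cutoff):
    """Value the phase-out itself confiscates: spendable just before the
    cutoff, unspendable from it on. Coins whose keys were already lost are
    not counted, since they were dead either way."""
    return sum(c.amount for c in coins
               if spend_allowed(c, cutoff - 1, cutoff)
               and not spend_allowed(c, cutoff, cutoff))


# Constructed sample UTXO set: alice migrates, bob is dormant but still
# holds his key, carol's key died with her drive, dave is already on "new".
SAMPLE = [
    Coin("alice", 1.5, OLD, True),
    Coin("bob", 2.0, OLD, True),
    Coin("carol", 4.0, OLD, False),
    Coin("dave", 0.5, NEW, True),
]
```

Running `stranded_by_cutoff` before and after `migrate(SAMPLE, {"alice"}, 50, 100)` shows the window shrinking the confiscated amount from alice's and bob's coins to bob's alone, while carol's coins stay frozen under either rule; a migration attempted at height 100 is rejected by the same rule it was meant to beat.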

Not only that, but bazillions of coins are dead. My 4 bitcoins that were lost to a hard drive failure a decade ago are gone, and “reanimating” them wouldn’t even be theft.
Would you mind pointing at those coins, perhaps even adding relevant public key information if still known?