Governance forms a whitelist of sequencer operators ala Lido, and we rotate between them every epoch (e.g. X hours). Optimism Foundation retains rights as a reserve sequencer if the lead sequencer is offline. Can ask them to post up a bond in OP or ETH.
Next step, whitelisted operators can participate in an auction, more sophisticated penalties/incentives. Final step: remove the whitelist, or implement whatever the final decentralization mechanism.
Practically speaking, I think the pathway to sequencer decentralization likely needs to look like this:
Bedrock is a critical part of Sequencer decentralization because we can reintroduce a mempool (among a few other things). Unclear if the mempool will be public, but at least it can be shared by Sequencer nodes. This means we don’t lose transactions when we switch between sequencers. Anyway, this means Bedrock is a hard dependency.
Once we have Bedrock, we could start by having the foundation run multiple sequencer nodes that switch by round robin. Effectively the same as your proposal but the foundation runs all nodes. Allows us to build confidence in the design before going to external parties.
Move towards a governance-controlled whitelist with the reserved foundation node, like you said.