[Proposal] Proposal 4940

Summary

The original proposal was formulated by Jacob Gadikian from Notional.

He proposes to make terra-rebels/classic-core on GitHub ("GO implementation of the Terra Protocol") the canonical repository for the Terra Classic blockchain, i.e. the repo from which updates are fed to the validators.

Unfortunately, this proposal was posted onto the Blockchain before it was proposed in the Research Forum. So I am posting it here for the sake of completeness.

Motivation

The motivation is clear: Terra Rebels want permissionless access to the canonical repo in order to deliver their work. This is because TFL shows no intent to maintain the repository anymore.

Proposal

Please have a look at proposal 4940 on-chain or at Jacob's original tweet.

This thread is open for discussion.

1 Like

Affirmation on why proposals should be thoroughly discussed before being drafted and voted on. Now people just see TR and vote blindly. A dangerous path to walk. It will bite us.

1 Like

This is a clear misrepresentation of facts and can be easily dismissed by the GitHub audit logs. The fact is another person took over the GH and kicked me out, even though I was working with the devs in the background. If you want to move the repo, that's just fine, but at least have the decency to get your fucking facts straight.

2 Likes

@Zaradar: I would like you to avoid strong language. Please make your case clear without yelling at people. Don’t misunderstand me. I am a full supporter of this proposal. But getting loud could render Terra Rebels untrustworthy.

My main concerns with this proposal are that:

  • the Terra Rebels’ repository is currently owned by one person, not by Terra Rebels as a whole. @Zaradar has stated “I created and own the TR repo” (click here for source). I respect him greatly, enjoy the conversations I have had with him, even where we sometimes disagree (which has always helped to sharpen my thinking, and forces me to have to [re-]research and consider a topic further), I appreciate him as a person, and I respect him as a developer, but it is a concern for me that the repository is owned by a single person that is contributing code as one of the few owners (rather than Terra Rebels as a whole), at least if the goal is decentralization. I would feel the same if it were a GitHub org that I owned as repository owner.

  • While the classic-core repository holds a portion of the protocol’s code, it does not hold all of it. The cosmos-sdk holds custom pieces of code that are also part of the protocol for instance. The classic-docs holds the documentation which defines, in written form, certain aspects of the protocol for developers (who then is the official source for documentation for instance). While classic-core is important because it is the repository that holds the finalized release code, there are other repositories that should also have been included in this list.

  • There are no processes listed about independent security review or testing requirements that would be appropriate for a repository to maintain trust as authoritative (although to be fair, there was not for TFL that I am aware of)

A month ago I was considering opening a discussion for a potential proposal that was essentially the same in substance as this one. I pointed out at the time something that @ek826 also recently pointed out, which is that the official GitHub org (collection of repositories) can be changed at will through a Terra v1 governance vote (and should be if any concerns arise about honest procedure with the code, review, security, or distribution path to validators).

For me the issue of having a single trusted repository, preferably decentralized, was mainly one of security. It appeared a single source would provide better security as well as meet the goals of community contributions that are contributed as implementations of governance proposals that had passed, and were independently reviewed by multiple sources (primarily for security) and had appropriate testing. A single repository, with clear rules about what is considered appropriate vs. inappropriate for code, security, testing, and community contributions, based on Terra v1 governance, could provide a trusted source, as the cosmos-sdk documentation states is necessary. It made sure that multiple repositories were not diverging and causing issues with code regression (or subtle security issues either unintentionally or intentionally). It does not necessarily, however, provide for node diversification, which is a goal @Zaradar has mentioned he personally would like to see.

I did not pursue it any further since proposal 4159 gave a template that could be used, and handled the security and testing aspects without necessarily needing a single repository; however, this proposal, while still open as a proposal, offers the opportunity to rethink this.

It should be stated as well that a person can change their vote, one way or the other, during open voting.

If this proposal should pass, then I am hoping to open a discussion around aspects of code review and distribution (just to make sure there are clear guidelines from the Terra v1 governance community on aspects that signal when it should choose to change the official/authoritative/canonical set of repositories). Things such as:

  • Is it appropriate to distribute to validators without a Terra v1 governance vote, and if so, on which issues (possibly such as a Common Vulnerabilities and Exposures (CVE) high or medium vulnerability in the code directly or for a referenced library, after appropriate testing)?

  • What level of review, security procedure, and testing must be done before a release?

  • What repositories, or functionality in repositories, require a Terra v1 governance vote (such as the documentation states that those things that change the protocol, but also the functionality around governance and staking that is documented as the official way a person is to interact with governance [such as the ability to stake as well as governance section of Terra Station, since they are currently documented as the way for non-application-developers or validators to interact with those portions])?

  • Under what conditions should a genesis event, or friendly fork, happen?

If this proposal should not pass, then the discussion may also include using security review service/volunteers to host a primary and secondary org of mirrored repositories as the authoritative repositories for the Terra v1 community with the goal of providing equal access to community developers for contributions that further governance proposals that have passed. The repositories could be traditional hosted services such as GitHub, GitLab, Atlassian, etc.; or it could be a decentralized option such as Radicle (one review here).

Just a few thoughts.

1 Like

Note: I have deleted, edited, and reposted my previous comment since, on further discussion with @Zaradar, he felt what I mentioned did not provide an accurate portrayal of the events. The point of the post was not to do any damage to his reputation, although it was meant to be an honest reflection, from my own perspective, of a situation that caused pause for thought. The actual point of concern that I was attempting to communicate, at least for myself, was one regarding decentralization, and particularly with the issue of repositories.

1 Like