Proposal for next level decentralization for Aeternity

Background concept:
Perhaps, the most attractive aspect of blockchain is decentralization. The idea of unstoppable applications. However, the code base for these applications is itself centralized on public repos like GitHub. Therefore, as a whole, it is not completely decentralized. What is to stop governments from blocking these repo sites? Or shutting down hard coded seed IP’s found in seeds lists for decentralized applications - else an application might need to then brute force scan all possible IP addresses!?

Here are some proposed ideas (for the future):

  1. Create a decentralized GIT repo. Store all Aeternity code on the decentralized repo. This would ensure the code base is not erased from the public by any government or corporate action. AE nodes could update themselves from this decentralized repo. etc…

  2. Create a decentralized seed list for AE nodes. It should be able to be updated. This would speed up nodes finding each other, and ensure the seed list can adapt to any potential attempts to shut it down.

_end

git repositories are decentralized by nature. GitHub is just a place where these repositories can be made publicly available and GitHub provides many other cool features.

  • every client that clones the official repository has a copy of it on his/her machine

IMO it doesn’t really make sense to create something like a decentralized GitHub alternative. that’s waste of time.

but what definitely makes sense is making use of commit signature verification for all of aeternities repositories.

I see the your point, but it seems the way you are describing it as decentralized is saying that because copies of it are located on other people’s computers, then it is inherently decentralized. That is true technically, but not the whole story. There needs to be unstoppable access and a verifiable source.

So, let’s say entity X shuts down Github. How do I say, “Nice try big bad wolf! But I still have access to the repo! I’ll just download it from someone else’s computer!” …without having to struggle solving the questions of:

  • “Where is this person?”

…and…

  • “How do I verify their copy of the code is a legitimate copy?”

Also, developers would continue to update the source code. It would make sense if they have the same ready common source from which they will know they can reliably fork the code.

The idea you proposed makes sense to me too. I’d also want some way to keep the “trusted sources” in check somehow. I suppose that requires the programming community interested in AE (for example) to overall be checking the code for security issues.

1 Like

Let’s say they shutdown GitHub, but all the developers still have a copy of their repository on their personal computers. They would still have all the history of the code changes, commits, comments, everything in their git repository. A way to verify if it’s legit is to just review all that information and check if it’s right. A better way is to get 2 or more of these repositories together, and compare the files, noting the differences in commits, code, etc, then merge.

But now Microsoft owns GitHub, you think it could be shut down that easily? Also there are many Github competitors like BitBucket for example, they could just re-upload their repositories to a github alternative and merge any differences after they’re verified.

I have understood these ideas. However, I think trusting a corporation - even Microsoft - for ready access to the code of a trust-less network is self-defeating.

Also, I realize this would not stop a blockchain from continuing development (eventually), but it would make it more difficult to regroup. And keep in mind, not all mines are programmers and would need a way of reasonably believing what improvements are secure and what the consensus will also follow.

It might be a while before this is needed… if at all… but I still think it would make sense. Perhaps, what a decentralized internet would make this potential problem moot. And if blockchain will power the decentralized internet (as some might think), then it seems this idea would be inevitable anyway. Time will tell.

I like the decentralised seed list, of course we will need that (we could even build an aepp where people can register seed nodes and users can up/down vote them, ob blacklist).

Regarding GIT, there are many forks already. I’m pretty sure there is no real issue having it the way it is, even Bitcoin is like that. We could also mirror it to Gitlab.