I want to give everyone an update on the project to further and enable developers to contribute to the different repos of the Internet Computer.
In Q4 2021, DFINITY announced a project to further open source contributions. Since then, we have had a few updates such as An Update on Furthering open source contributions to the IC - November 2021.
To recap, the code for the Internet Computer was published in May 2021, spread across multiple repositories (see: DFINITY · GitHub). While many of these repositories allow public contributions, there are others where public contributions are not supported. Most notably, GitHub - dfinity/ic: Internet Computer blockchain source: the client/replica software run by nodes that contains the replica code, i.e. the IC protocol implementation.
DFINITY itself works off an internal repository in GitLab which allows us to build an extensive testing automation infrastructure. The GitHub repository is a full mirror that is kept in sync in real time.
On a weekly cadence, DFINITY submits an NNS proposal to bless a new replica build. Using the docker-build-ic script, released in late 2021, community members can verify that the proposed build corresponds to the source code commit listed in the NNS proposal. In addition, every new build is announced and offered for discussion on the forum, e.g. version b502c. Once such a proposal is adopted by the neuron holders, the new version is rolled out subnet by subnet using subsequent NNS upgrade proposals. Please note that the canonical IC is any binary that is blessed by means of an adopted NNS proposal, submitted by any party, DFINITY included.
The publication of the IC’s code and a mechanism for verifying builds proposed for upgrades is indispensable for verifying the decentralization of the IC. This milestone is achieved. Our focus now is to enable an active collaboration with the community and ultimately to invite public contributions to all repositories. However, there are multiple technical and legal challenges that must be tackled step by step without compromising development velocity and the security of the IC. Currently, these challenges are:
- (A) Dependency on internal infrastructure: the current CI system and developer environment have dependencies to DFINITY’s internal infrastructure.
- (B) Legal considerations: public contributions bear questions related to copyright, intellectual property and licenses. We need to eliminate related ambiguities to prevent future legal disputes that may obstruct the IC’s sustainability.
- (C) Security patch process: there is a need for a process to release security patches in the case where revealing the source code could significantly compromise the security of the IC.
- (D) Design and review process: we received public contributions to other repositories that didn’t fit with new designs we were pursuing. That showed us that we have to make our design process more public. Furthermore, we have to establish efficient reviewing guidelines and processes to foster an efficient collaboration with the community that doesn’t significantly slow-down development velocity. This is not a new thread, of course, it is clear to us that we (DFINITY) need to work with the community to improve the IC’s design and decision making process to bring it up to better standards.
Following we provide an update on our progress with respect to these challenges:
- (A) We intend to offer a standardized development environment that will work for external developers. Initially, some tests such as end-to-end integration tests which use testnet deployments won’t be reproducible outside our infrastructure. However, we intend to offer a workflow that will enable us to test and merge PRs downstream. This will progress along with an internal project to revamp our internally development environment. We plan to provide an update in Q2.
- (B) We are finalizing a contributor license agreement (CLA) that will establish under which terms public contributions are included. Next week the CLA will be activated for repositories open to public contributions, e.g. GitHub - dfinity/interface-spec: IC Interface Specification. We will roll-out an automated CLA verification bot that asks developers to agree to the CLA as a prerequisite to merge their PR.
- (C) The NNS Motion proposal for a security patching process passed by community vote on March 13, 2022 and it will be used moving forward.
- (D) This is arguably the toughest challenge and will potentially require most time. We have started communicating upcoming designs by means of proposals and discussed them as part of community conversations. With all these initiatives, we have to look for a healthy balance between open collaboration and development velocity. We plan to make further steps towards a more transparent design process during the months to come.
We hope that this update provides useful insights into our efforts to build the necessary infrastructure and processes that facilitate a more active collaboration with the community in the months to come.