2022 Update on accepting contributions to the DFINITY IC repo

Hello!

I want to give everyone an update on the project to further and enable developers to contribute to the different repos of the Internet Computer.

Background

In Q4 2021, DFINITY announced a project to further open source contributions. Since then, we have had a few updates such as An Update on Furthering open source contributions to the IC - November 2021.

To recap, the code for the Internet Computer was published in May 2021, spread across multiple repositories (see: DFINITY · GitHub). While many of these repositories allow public contributions, there are others where public contributions are not supported. Most notably, GitHub - dfinity/ic: Internet Computer blockchain source: the client/replica software run by nodes that contains the replica code, i.e. the IC protocol implementation.

DFINITY itself works off an internal repository in GitLab which allows us to build an extensive testing automation infrastructure. The GitHub repository is a full mirror that is kept in sync in real time.

On a weekly cadence, DFINITY submits an NNS proposal to bless a new replica build. Using the docker-build-ic script, released in late 2021, community members can verify that the proposed build corresponds to the source code commit listed in the NNS proposal. In addition, every new build is announced and offered for discussion on the forum, e.g. version b502c. Once such a proposal is adopted by the neuron holders, the new version is rolled out subnet by subnet using subsequent NNS upgrade proposals. Please note that the canonical IC is any binary that is blessed by means of an adopted NNS proposal, submitted by any party, DFINITY included.

Status of the Project

The publication of the IC’s code and a mechanism for verifying builds proposed for upgrades is indispensable for verifying the decentralization of the IC. This milestone is achieved. Our focus now is to enable an active collaboration with the community and ultimately to invite public contributions to all repositories. However, there are multiple technical and legal challenges that must be tackled step by step without compromising development velocity and the security of the IC. Currently, these challenges are:

  • (A) Dependency on internal infrastructure: the current CI system and developer environment have dependencies to DFINITY’s internal infrastructure.
  • (B) Legal considerations: public contributions bear questions related to copyright, intellectual property and licenses. We need to eliminate related ambiguities to prevent future legal disputes that may obstruct the IC’s sustainability.
  • (C) Security patch process: there is a need for a process to release security patches in the case where revealing the source code could significantly compromise the security of the IC.
  • (D) Design and review process: we received public contributions to other repositories that didn’t fit with new designs we were pursuing. That showed us that we have to make our design process more public. Furthermore, we have to establish efficient reviewing guidelines and processes to foster an efficient collaboration with the community that doesn’t significantly slow-down development velocity. This is not a new thread, of course, it is clear to us that we (DFINITY) need to work with the community to improve the IC’s design and decision making process to bring it up to better standards.

Following we provide an update on our progress with respect to these challenges:

  • (A) We intend to offer a standardized development environment that will work for external developers. Initially, some tests such as end-to-end integration tests which use testnet deployments won’t be reproducible outside our infrastructure. However, we intend to offer a workflow that will enable us to test and merge PRs downstream. This will progress along with an internal project to revamp our internally development environment. We plan to provide an update in Q2.
  • (B) We are finalizing a contributor license agreement (CLA) that will establish under which terms public contributions are included. Next week the CLA will be activated for repositories open to public contributions, e.g. GitHub - dfinity/interface-spec: IC Interface Specification. We will roll-out an automated CLA verification bot that asks developers to agree to the CLA as a prerequisite to merge their PR.
  • (C) The NNS Motion proposal for a security patching process passed by community vote on March 13, 2022 and it will be used moving forward.
  • (D) This is arguably the toughest challenge and will potentially require most time. We have started communicating upcoming designs by means of proposals and discussed them as part of community conversations. With all these initiatives, we have to look for a healthy balance between open collaboration and development velocity. We plan to make further steps towards a more transparent design process during the months to come.

We hope that this update provides useful insights into our efforts to build the necessary infrastructure and processes that facilitate a more active collaboration with the community in the months to come.

10 Likes

Hello!
Then please explain to me what the service-worker code does in this repository? I want to contribute to the service worker codebase, but I can’t

Is this live? :wink:

(The above quip was not 20 characters on it’s own.)

1 Like

Is this live? :wink:

(The above quip was not 20 characters on it’s own.)

Hi @nomeata, sorry the delay we had to make some additional modifications to the CLA automation. Expect to have this activated by the end of this week (Aprtil 8th).

2 Likes

Thanks for the update! The PR at Specify the HTTP Gateway protocol by nomeata · Pull Request #20 · dfinity/interface-spec · GitHub is still lively anyways, probably the CLA will be ready before that PR :slight_smile:

1 Like

Totally agreed! The technical working groups are a great first step, but this is a really hard problem to solve.

How does a self-executing, self-governing computer improve? Who decides which improvements go through? Not everyone has the background or interest to vet every technical proposal. Liquid democracy makes sense in these situations. But I think there also needs to be “full-time” representatives to study and draft new proposals, similar to how elected representatives in democracies are full-time employees of the government.

Right now, DFINITY is that single representative, but ideally one day we in the community can elect technical committees to do the low-level work of technical design. (In the US, congressional committees as well as executive branch bureaucracies fulfill this role. Polkadot also has a concept of a committee, I believe.)

The CLA bot is now live on dfinity/interface-spec. We will roll out to remaining repos on Monday.

2 Likes