How does ICP ensure that developers follow NNS voting results for code development?

How does ICP ensure that developers follow NNS voting results for code updates and development? Can developers bypass NNS voting and make changes to the code themselves? is it possible that the code updated by the developer is inconsistent with the code voted by NNS?

3 Likes

It’s interesting, so let me add this.

I know that IC by its nature cannot be hard forked, but how do you consolidate opinions if there is an issue or issues that you don’t agree with even by voting?

When a proposal is put up to change the code, the binary is put into the call for the create of the proposal, and if the proposal passes, then that binary is used. People can call get_proposal_info method to see the proposal data, if the proposal is to change the code, people will see the payload that contains a candid record with the new binary. p.s. I havent tested this while a proposal was live.

1 Like

In other words, is it necessary for the user to submit the corresponding code when publishing the proposal? So how do people who don’t know how to write code publish proposals?

Let me give you an example. The proposal to integrate Bitcoin with Internet computers has now been passed, but the code has not yet been written. But after the code is completed, how can he update it to the Internet computer? Need to initiate another proposal? Or does Dfinity update the code to the Internet computer by itself? How do we ensure that the code has no backdoors? Or is it possible for Dfinity to abuse its power to bypass voting and update other codes?

1 Like

These are great questions. The proposal that has passed was a BS proposal. It was just to try to “see if they should start working on it”. Whether that proposal passed or not didnt change anything about the internet-computer-system. They call it a Motion, just like when a Motion is filed in a court, it does nothing. After the code for the new feature is complete then yes they will have to submit a new proposal, one that has the new binary within it, but this proposal they won’t make public, (at least they haven’t been) they will put it up quietly and then vote on it themselves quickly and then come out and say hey that feature we were talking about is done. Even though no one outside dfinity had time to check the hash of the proposed-binary, check the proposed-source-code for malicious code, build the proposed source code, and check if the hashes are the same. Not just that they give nobody time to do this, but us people outside dfinity cannot build the source ourselves at this time, see this thread: Ic code dump incomplete? and many other threads. This means that at this time we cannot even check that the source code that is on their github is the same source code that is being proposed and updated into the system. They don’t even put the latest code onto their github before they propose it. Until we can build the complete proposed source code for the whole IC on each proposal, so that we can verify that the hash of the proposed binary is the same as the hash of the source-code-build by our selves, all of these community conversations are bs.

5 Likes

So when the new feature is developed, Dfinity will submit a binary file for everyone (actually Dfinity himself) to vote for approval instead of submitting the source code? With only binary files, there is no way for users to know what is really updated, right? That vote essentially loses its meaning, because users don’t know what they are passing. If this is the case, Internet computers are still centralized and insecure. Is this correct?

This is correct. These are the facts at this time, and they must be seen for what they are.

Since ICP is not decentralized, are you still optimistic about ICP?

Now it is not really decentralized but the hope is that with time it will be. I’m optimistic about it.