Cosmos Hub Open Source Funding Policy

We propose the following rules related to all funding decision made by Cosmos Hub community funding bodies (community pool, treasury, subDAOs, Councils etc):

  • Projects receiving funding to deploy chains/consumer chains MUST open source their smart contracts before mainet launch.
  • Wallet projects where users store their private keys and interact with the chain MUST be open source to receive funding.

These requirements exist to protect users. If the conditions for open source compliance are not met, all funding for the project should be immediately halted. Once open source requirements are met, outstanding funding will be provided as previously agreed.

Furthermore these additional rules shall apply to:

  • Community pool may only fund open source projects
  • Future grants from community fund treasury may only fund projects where every component is open source.

Moreover, as a chain built entirely on public goods, we emphasize that all Cosmos funding should prioritize projects that are entirely open source.

By voting YES you approve that we should adopt the funding policies described above

By voting NO you disapprove of the proposal

By voting ABSTAIN you ABSTAIN from making a ruling.

By voting NO with VETO you express that you would like to see depositors penalized by revocation of their proposal deposit, and contributes towards an automatic 1/3 veto threshold.

5 Likes

I believe there is room for a certain extent of closed source in our Cosmos ecosystem which gives projects sometimes a slight advantage in terms of competition.

For anything smart-contract related and funds-related (wallets, etc) I completely agree with this statement. Both have the risk of making your funds magically disappear if developers do things closed source. Security for wallets (or anything else mnemonic related) and smartcontract should be one of the most important aspects to think about, thus opensource is a must-have.

2 Likes

I feel surely they projects can provide timeline for open source but once they launch mainnet the project should be open source.

It seems standard across crypto and considering cosmos place as community owned chain it feels right.

I think that following the good example of Juno, make sense to have also the Hub showing on-chain support to open-source values.

But the proposal/policy should be applied only for the Cosmos Hub community pool.

I don’t agree to include ‘‘Every Cosmos Funding body’’

Mainly because Cosmos is an open ecosystem and the Hub can’t force external companies, ICF included to respect this policy.

This policy can be effective only on the community pool funding initiatives or Consumer Chains applications.

More specifically, the ICF has already a policy to fund only open-source projects, this is specified both on the website and in the Github for the Grants/Funding section (GitHub - interchainio/funding: Information about the Interchain Foundation Funding Program). So there is also no need to signal a policy already in use.

Same applies for others Cosmos Funding Body, if they aren’t directly on the Hub, they can’t be forced to follow a policy and they shouldn’t, because the Hub shouldn’t have power of control over the broader ecosystem that should remain an open-economy.

I totally agree to have this open-source policy on-chain limited to the Hub community pool funding initiatives and also to be extended to any future DAO that will operate directly on the Hub or will manage an Hub treasury.

4 Likes

@RobbStack has essentially covered my thoughts on this and I will just say +1. Remove the ICF point and I am a hard YES to this prop.

I fully support mandating an open-source funding policy for Cosmos Hub community pool. It’s aligned with the foundational core values of Cosmos.

2 Likes

Hey Rob I totally agree, by every cosmos funding body i meant the public community funds. Private organisations should of course be free to do whatever they want.

I see the wording wasn’t prfect so i will change it. I meant community pool as well as the treasuries and sub daos that will be funded from the community pool.

The only reason i included ICF ws because they are to serve community but as they have this policy i might just remove them from the prop. Thank you for the valid feedback it was really helpful!

2 Likes

I have just edited that first sentence, mind checking it? :slight_smile:

Sure Don :slightly_smiling_face:

Yes to this part, but I would just add ''all funding decision made by Cosmos Hub community funding bodies… ‘’ just to avoid any potential confusion that could invalidate the proposal.

As well for the title, I would suggest to call it Cosmos Hub Open Source Funding Policy. Just to avoid the potential confusion between Cosmos the ecosystem and Cosmos Hub the Chain.

I would remove also the ICF part, for the reasons explained in my previous post.

This could represent a long term policy for the Hub so to be effective it should be limited to Cosmos Hub community funding bodies, where the community actually has power to enforce the policy.

2 Likes

Ah man, this is why I love the discussions on Commonwealth/forum. The proposal is sharpened before going on-chain with different visions and opinions. Nice work @RobbStack and @DonCryptonium!

2 Likes

Isnt that the 101 from 2008/9?

1 Like

Can you share a link?

People forget, good sir robot

1 Like

Hi Mr Cryptonium,

I think that this proposal is directionally correct but it does require revision before going on chain. Specifically, it refers to smart contracts however the cosmos hub does much more than smart contracts and is likely to fund much more than smart contracts.

Interchain security means that the hub will fund projects that aren’t just contracts but are instead entire chains.

I would like to draw a clear distinction between what the ICF funds, and what the hubs community pool funds. I think that the ICF should in fact be free to fund closed source software if it would like to. With that said, the hub community pool likely should not.

So you will want to broaden the language of the proposal to include chain code and not only smart contracts. You also likely want to modify the proposal so that it covers anything that touches a key ever. When your fancy 24 words seed phrase enters anything, really that thing should be open source. Otherwise it’s really not possible for users to tell if the software will eventually betray them. It is also important to note, possibly in the proposal, that open source is not in fact a panacea. I think that @zaki_iqlusion put it best when he described liability of open versus closed source:

The easiest thing would to have unwaivable liability for defects in closed source code but liability only for malice in open source code

https://twitter.com/zmanian/status/1593979183524347904

Any claims in the document should probably be reduced to reflect that rather sage statement above.

Finally, there was a gaming example that came from Juno. Somehow this proposal should reflect that. Basically there was a game author on Juno, who was totally okay with open sourcing any wallet pieces, but totally not okay with open sourcing their game. Frankly I’m more or less okay funding something like that although I think it should be approached cautiously because a failed closed source project cannot benefit the community in any way shape or form, whereas a failed open source project leaves the source code behind for the community to use.

2 Likes

Would it be possible to go further on the thought of closed source becoming open source over time?

With tokens it is possible to vest coins, which become available over time.
Is it also possible to put things on a private repo on Github which is automatically opened to the public as time passed? That way you can fund closed source projects (except the wallet part kinda stuff which handles funds as well as parts where txs are done) while ensuring that if they fail the source code becomes available after a while.

Your question about GitHub is well placed but I think that the standard is really pretty easy:

Anything that’s touching user funds should be open source as soon as user funds flow into it so from the time of its genesis.

Good example: Neutron is already open.

There’s no way to be certain that a github repository will be opened at a certain time, that involves trust.

Playing devil’s advocate; suppose you have an app which has multiple purposes.

Only one of these is a wallet function. This part is also completely open-sourced including all parts of the app which are touching the funds in any way.

Other parts which do not touch user funds in any way are closed source.

Would such an application also be exempted from funding? Or is it ok because the relevant parts regarding user funds are open-sourced?

I was looking for the right word online and found it. Hyperlexis:
The sheer quantity of legal rules, regulations and policies, (scattered around) could overwhelm law’s subjects. All this could be resolved by a Constitution, i.e. one concise, coherent set of universally accepted rules for Cosmos Hub.

To this end, all major hub contributors should sit down and work together towards a draft constitution (these contributors including Informal, Iqlusion, Strangelove, Notional and other vals, AiB, ICF and more). Put past issues behind and sit down and work towards a universally accepted Constitution for Cosmos Hub.

Your propositions should definitely be considered and - if possible - included.

My 2c. Thanks for posting Don.

EDIT: Just seen this has been on forum for a while (thought it was just posted). GL with Prop 93.

4 Likes

Sorry I missed this discussion, but for Replicated Security consumer chains, they must absolutely be open source for security reasons, since a malicious consumer chain could cause a Cosmos Hub halt.

This is whether or not they have received funding or anything.

3 Likes

I’m very glad of your hard line stance on this matter.