We propose the following rules related to all funding decisions made by Cosmos Hub community funding bodies (community pool, treasury, subDAOs, Councils etc):
Projects receiving funding to deploy chains/consumer chains MUST open source their smart contracts before mainnet launch.
Wallet projects where users store their private keys and interact with the chain MUST be open source to receive funding.
These requirements exist to protect users. If the conditions for open source compliance are not met, all funding for the project should be immediately halted. Once open source requirements are met, outstanding funding will be provided as previously agreed.
Furthermore these additional rules shall apply to:
Community pool may only fund open source projects
Future grants from community fund treasury may only fund projects where every component is open source.
Moreover, as a chain built entirely on public goods, we emphasize that all Cosmos funding should prioritize projects that are entirely open source.
By voting YES you approve that we should adopt the funding policies described above
By voting NO you disapprove of the proposal
By voting ABSTAIN you ABSTAIN from making a ruling.
By voting NO with VETO you express that you would like to see depositors penalized by revocation of their proposal deposit, and contribute towards an automatic 1/3 veto threshold.
I believe there is room for a certain extent of closed source in our Cosmos ecosystem which gives projects sometimes a slight advantage in terms of competition.
For anything smart-contract related and funds-related (wallets, etc) I completely agree with this statement. Both have the risk of making your funds magically disappear if developers do things closed source. Security for wallets (or anything else mnemonic related) and smart contracts should be one of the most important aspects to think about, thus open source is a must-have.
Same applies for other Cosmos Funding Bodies, if they aren’t directly on the Hub, they can’t be forced to follow a policy and they shouldn’t, because the Hub shouldn’t have power of control over the broader ecosystem that should remain an open-economy.
I totally agree to have this open-source policy on-chain limited to the Hub community pool funding initiatives and also to be extended to any future DAO that will operate directly on the Hub or will manage a Hub treasury.
Hey Rob, I totally agree, by every Cosmos funding body I meant the public community funds. Private organisations should of course be free to do whatever they want.
I see the wording wasn’t perfect so I will change it. I meant community pool as well as the treasuries and sub DAOs that will be funded from the community pool.
The only reason I included ICF was because they are to serve community but as they have this policy I might just remove them from the prop. Thank you for the valid feedback it was really helpful!
Yes to this part, but I would just add “all funding decisions made by Cosmos Hub community funding bodies…” just to avoid any potential confusion that could invalidate the proposal.
As well for the title, I would suggest to call it Cosmos Hub Open Source Funding Policy. Just to avoid the potential confusion between Cosmos the ecosystem and Cosmos Hub the Chain.
I would remove also the ICF part, for the reasons explained in my previous post.
This could represent a long term policy for the Hub so to be effective it should be limited to Cosmos Hub community funding bodies, where the community actually has power to enforce the policy.
Ah man, this is why I love the discussions on Commonwealth/forum. The proposal is sharpened before going on-chain with different visions and opinions. Nice work @RobbStack and @DonCryptonium!
I think that this proposal is directionally correct but it does require revision before going on chain. Specifically, it refers to smart contracts; however, the Cosmos Hub does much more than smart contracts and is likely to fund much more than smart contracts.
Interchain security means that the hub will fund projects that aren’t just contracts but are instead entire chains.
I would like to draw a clear distinction between what the ICF funds, and what the hub's community pool funds. I think that the ICF should in fact be free to fund closed source software if it would like to. With that said, the hub community pool likely should not.
So you will want to broaden the language of the proposal to include chain code and not only smart contracts. You also likely want to modify the proposal so that it covers anything that touches a key ever. When your fancy 24-word seed phrase enters anything, really that thing should be open source. Otherwise it’s really not possible for users to tell if the software will eventually betray them. It is also important to note, possibly in the proposal, that open source is not in fact a panacea. I think that @zaki_iqlusion put it best when he described liability of open versus closed source:
The easiest thing would be to have unwaivable liability for defects in closed source code but liability only for malice in open source code
Any claims in the document should probably be reduced to reflect that rather sage statement above.
Finally, there was a gaming example that came from Juno. Somehow this proposal should reflect that. Basically there was a game author on Juno, who was totally okay with open sourcing any wallet pieces, but totally not okay with open sourcing their game. Frankly I’m more or less okay funding something like that although I think it should be approached cautiously because a failed closed source project cannot benefit the community in any way shape or form, whereas a failed open source project leaves the source code behind for the community to use.
Would it be possible to go further on the thought of closed source becoming open source over time?
With tokens it is possible to vest coins, which become available over time.
Is it also possible to put things on a private repo on GitHub which is automatically opened to the public as time passes? That way you can fund closed source projects (except the wallet part kinda stuff which handles funds as well as parts where txs are done) while ensuring that if they fail the source code becomes available after a while.
Playing devil’s advocate; suppose you have an app which has multiple purposes.
Only one of these is a wallet function. This part is also completely open-sourced including all parts of the app which are touching the funds in any way.
Other parts which do not touch user funds in any way are closed source.
Would such an application also be exempted from funding? Or is it ok because the relevant parts regarding user funds are open-sourced?
I was looking for the right word online and found it. Hyperlexis:
The sheer quantity of legal rules, regulations and policies, (scattered around) could overwhelm law’s subjects. All this could be resolved by a Constitution, i.e. one concise, coherent set of universally accepted rules for Cosmos Hub.
To this end, all major hub contributors should sit down and work together towards a draft constitution (these contributors including Informal, Iqlusion, Strangelove, Notional and other vals, AiB, ICF and more). Put past issues behind and sit down and work towards a universally accepted Constitution for Cosmos Hub.
Your propositions should definitely be considered and - if possible - included.
My 2c. Thanks for posting Don.
EDIT: Just seen this has been on forum for a while (thought it was just posted). GL with Prop 93.
Sorry I missed this discussion, but for Replicated Security consumer chains, they must absolutely be open source for security reasons, since a malicious consumer chain could cause a Cosmos Hub halt.
This is whether or not they have received funding or anything.