[DAO:f9b1403] Should all code generated using DAO funds be open source?

by 0x153b2252eddcb3690ae6f5e9f38be13779e1364d (REDACTED)

Currently, only two grant categories require any code created using DAO funds to be open-source, Core Unit and Platform.

Should all code generated using DAO funds be open source?

  • Yes - Open Source
  • No
  • Invalid question/options

Vote on this proposal on the Decentraland DAO

View this proposal on Snapshot

2 Likes

What if someone creates something 90% of the way and then asks for a grant to complete the last 10%. Does the 90% developed on their own need to be shared as well?

1 Like

It only makes sense that a project using community funds from the DAO should be open-source. We should be allocating DAO funding to building up a core set of open-source experiences that can act as representations of what can be done on the platform and a starting point for anyone looking to create on the platform.

And the other side of it: what happens to a projects after we’ve poured hundreds of thousands of dollars into it when the team running that project decides to stop working on it or the DAO doesn’t renew their grant request? Odds are we lose all the work that was done and are left with either a zombie project in hibernation mode or nothing (after having to suffer a repeated bombardment of grant requests).

I’ve been working on a doctrine for community operated & maintained games for a little while now with the goal to create a series of open-source DAO-funded games that would be developed by teams who would answer directly to the DAO. These teams would provide FULL transparency on code, progress, and budget; while being held directly responsible for managing all aspects of their assigned projects. Moreover, the main directive of these projects shouldn’t be to turn a profit for the DAO, but rather operate at-cost (no end-of-project bonus for the project runner if they decide to cut corners/under-deliver) with the focus to build something that can attract new users and inspire them to start building in Decentraland.

If anyone is interested you can check it the Google Doc Here.

3 Likes

I’ll go for fully supporting this proposal. Actually, I’d go further and say that ideally, every single penny spent by these DAO should be evaluated in the context of public goods.

Other factors, as pointed out by @DedHeadJ and instances where the amounts are relatively insignificant could be taken into account as exceptions. Nevertheless, as I mentioned earlier, I prefer a complete embrace of the 100% open-source approach.

If this passes, please reach out so we can help you with the Draft and Binding proposals.

3 Likes

To me this seems like a good idea, but as a complete non-coder, I don’t feel qualified to make an educated decision.

Are there any possible downsides to this? I would love for more developers to give feedback.

1 Like

I am for this; however, open sourced does not always equal the best solution. You can open source code but if it’s half-baked, half-done, and written so convoluted, what’s the point of having it open-sourced?

I think since this is a poll it’s fine for now. But going forward if this passes, we should put structure on what “open-sourced” means in terms of DAO projects.

I will reiterate what I’ve said across many open voice calls and proposals, the DAO needs technical people and processes to manage these situations.

“Open-sourced” is just one facet of what should be required from our DAO. Here’s how I see our DAO being set up now so we can be ready for future code bases and hand offs (from Foundation).

  • DAO GitHub
    – All grant projects should be under this GitHub organization and therefore would be “open-sourced”
    – Technical Squad to manage pull requests and review code bases
    – Provide coding best practices in Decentraland so grantees can write efficient code

  • DAO Server
    – Provide grantees with a test server / production server for their code bases to use
    – DAO Technical team would create a Playfab account and/or other standard 3rd party services used by grantees and be able to log into all back ends across all projects
    – All 3rd party services used by grantees would go through the DAO Technical team and review process
    – All 3rd party services would be set up by the DAO Technical team

5 Likes

Aren’t these two separate issues

Issue 1 this prop appears to be addressing: people can use DAO funds to create code for their projects and then hold it hostage for more grant money or just take their ball and go home when the grant ends

Issue 2: People use DAO funds to write shitty code and don’t have a test server to test it on?

1 Like

My point is there’s a larger opportunity to set in place processes and procedures which include open sourcing code.

We can request anyone open source anything…but that does nothing for transparency and accountability on the project if you don’t have procedures in place.

1 Like

Every proposal doesn’t needs to solve every issue

1 Like

Some may be surprised at my yes vote. The one exception I will say is any code that may be related to security, API keys, hashing algorithms, database password, things of that nature that would allow for hacking. Even those should have a “mock”.

If I’m hired by a company to make some code the IP belongs to them. I don’t see why it should be different here.

One issue here is the projects are siloed tiny budget projects. With all the code in github it will help to undo this and help facilitate larger projects. I’ll talk about gaming. You look at the games here 100k this game 50k game that game, we should not be working against each other but assembling dream-teams and working on more large scale projects that end up with a budget like 3 million dollars - composed of many of these small 100k grants. You see how the foundation does it? They’re all working on the platform, SDK7 these huge projects with multimillion dollar bugdet. That’s how a professional software product team rolls not 20k one small project, then start over, 20k next small project. Take example my proposal for shooting games - the proposal should be to add those flying beams to KOA or some other major projects where the code is on github and where I’m following the development process documentation. Many of the wearables - should be matching the themes of major projects. Build 3D objects - should contribute to major projects. Make music - should go into major projects.

2 Likes

I had this problem when I opensourced UNO. But I didn’t want to share the IP address of the server to avoid irregular behaviours being sent.

My server also hosted data that was working for other things that were not funded by the DAO. So developers can’t always be expected to split hairs.

Also if I built a profitable business in DCL then opensourcing it could destroy the income for everyone. One of the key components in competitive technology is playing cards close to your chest.

TLDR, why does this matter?
The GSS decides who gets their funding cut and disputes over opensource can be a reason for them to get picky. So maybe it’s an idea to allow for some code not to be opensourced in certain situations. :man_shrugging:

These are some issues I felt to point out before some kind of tender…

Source.

2 Likes

Should all code generated using DAO funds be open source?

This proposal has been PASSED by a DAO Committee Member (0xfb1afa4dc069ffb47b19dbee196045d508fcd5a2)

1 Like

If you hardcode those in your code, you have no business getting a grant :skull_and_crossbones:

We need this ASAP, the Foundation has an eslint config which could be a good start, but a proper coding style document would be great.

2 Likes

Why don’t you send me a link to where Decentraland documentation that shows how to use the DCL “secret” like professional-grade programming languages have? You can’t because DCL doesn’t have that. Or if they do they keep it a secret instead of sharing to the community they send their fake accounts to mess with your land. Even after developers ask about this no answers.

If you actually knew something you’d know that not every programming file can be accessed by the outside world web server chooses which files are public using the file extension. The typescript files for example aren’t directly accessible and are translated to unreadable javascript. That’s what a secrets file is it only lives in the memory on the server, never served to public. 9 times out of 10 in the real world as a pro developer if you have the code you have the database password. My gawd stick with selling the Juno adult toys where you actually have a lot of knowledge bruh. It’s time to resign.

Probably if there was a grant to create ‘best practices to create secure apps in DCL’ you would certainly vote against it and send some hackers to destroy new users for sure. These mob boss legislators belong in prison. I don’t have a database password in my code, but I won’t be surprised if some developer does because of the complete lack of documentation and features in this regard. I’m pretty sure the top hackers could eventually hack most apps in DCL except maybe some made by mob insiders because of this.

1 Like

Ouch, I would be ashamed to ridiculise myself as you are doing right now.
Three whole paragraphs to say “I hardcode secrets and there is no other way around” with so much confidence. :joy:

Please learn about .env files, environment variables, .gitignore and secrets managers.

2 Likes

I said send me the link to show dcl supports any of those. Yes SOME of those are the kind of technology I’m talking about. I have read every DCL documentation never do I see application secret is supported. Also gitignore has nothing to do directly with security. That’s only to not check in the file. You should be ashamed I’m not only the supposedly coveted NEW USER, but NEW DEVELOPER all you ever do is trash on the new user and try to get rid of new developer. I highly recommend the foundation DAO to fire you and sue for embezzlement. Never once did anyone ever ask me how was your experience, do you need help with any question, is anything we can improve - only send the Juno sales man to attack, defund and the DAO fake accounts to hack my game.

1 Like

You keep embarrassing yourself, son.
.gitignore prevents some files (.env containing secrets for example) from being uploaded to a git repository.
You don’t need a Decentraland documentation page to tell you that, that’s an 101 developer thing.

The Foundation and the DAO are two different entities. I am not part of the Foundation, and the DAO doesn’t have legal entity. You can start a vote to kick me out of the DAO Committee though, if you wish so.

2 Likes

Checking in to github is not the same as deploying to the land my gawd you’re clueless.

1 Like

Similar old poll that didnt go to draft yet, but with GNU

Lately I was thinking Decentraland should describe its own License, but it needs too much time.