by 0x153b2252eddcb3690ae6f5e9f38be13779e1364d (REDACTED)
Currently, only two grant categories require any code created using DAO funds to be open-source, Core Unit and Platform.
Should all code generated using DAO funds be open source?
What if someone creates something 90% of the way and then asks for a grant to complete the last 10%. Does the 90% developed on their own need to be shared as well?
It only makes sense that a project using community funds from the DAO should be open-source. We should be allocating DAO funding to building up a core set of open-source experiences that can act as representations of what can be done on the platform and a starting point for anyone looking to create on the platform.
And the other side of it: what happens to a projects after weāve poured hundreds of thousands of dollars into it when the team running that project decides to stop working on it or the DAO doesnāt renew their grant request? Odds are we lose all the work that was done and are left with either a zombie project in hibernation mode or nothing (after having to suffer a repeated bombardment of grant requests).
Iāve been working on a doctrine for community operated & maintained games for a little while now with the goal to create a series of open-source DAO-funded games that would be developed by teams who would answer directly to the DAO. These teams would provide FULL transparency on code, progress, and budget; while being held directly responsible for managing all aspects of their assigned projects. Moreover, the main directive of these projects shouldnāt be to turn a profit for the DAO, but rather operate at-cost (no end-of-project bonus for the project runner if they decide to cut corners/under-deliver) with the focus to build something that can attract new users and inspire them to start building in Decentraland.
If anyone is interested you can check it the Google Doc Here.
Iāll go for fully supporting this proposal. Actually, Iād go further and say that ideally, every single penny spent by these DAO should be evaluated in the context of public goods.
Other factors, as pointed out by @DedHeadJ and instances where the amounts are relatively insignificant could be taken into account as exceptions. Nevertheless, as I mentioned earlier, I prefer a complete embrace of the 100% open-source approach.
If this passes, please reach out so we can help you with the Draft and Binding proposals.
To me this seems like a good idea, but as a complete non-coder, I donāt feel qualified to make an educated decision.
Are there any possible downsides to this? I would love for more developers to give feedback.
I am for this; however, open sourced does not always equal the best solution. You can open source code but if itās half-baked, half-done, and written so convoluted, whatās the point of having it open-sourced?
I think since this is a poll itās fine for now. But going forward if this passes, we should put structure on what āopen-sourcedā means in terms of DAO projects.
I will reiterate what Iāve said across many open voice calls and proposals, the DAO needs technical people and processes to manage these situations.
āOpen-sourcedā is just one facet of what should be required from our DAO. Hereās how I see our DAO being set up now so we can be ready for future code bases and hand offs (from Foundation).
DAO GitHub
ā All grant projects should be under this GitHub organization and therefore would be āopen-sourcedā
ā Technical Squad to manage pull requests and review code bases
ā Provide coding best practices in Decentraland so grantees can write efficient code
DAO Server
ā Provide grantees with a test server / production server for their code bases to use
ā DAO Technical team would create a Playfab account and/or other standard 3rd party services used by grantees and be able to log into all back ends across all projects
ā All 3rd party services used by grantees would go through the DAO Technical team and review process
ā All 3rd party services would be set up by the DAO Technical team
Arenāt these two separate issues
Issue 1 this prop appears to be addressing: people can use DAO funds to create code for their projects and then hold it hostage for more grant money or just take their ball and go home when the grant ends
Issue 2: People use DAO funds to write shitty code and donāt have a test server to test it on?
My point is thereās a larger opportunity to set in place processes and procedures which include open sourcing code.
We can request anyone open source anythingā¦but that does nothing for transparency and accountability on the project if you donāt have procedures in place.
Every proposal doesnāt needs to solve every issue
Some may be surprised at my yes vote. The one exception I will say is any code that may be related to security, API keys, hashing algorithms, database password, things of that nature that would allow for hacking. Even those should have a āmockā.
If Iām hired by a company to make some code the IP belongs to them. I donāt see why it should be different here.
One issue here is the projects are siloed tiny budget projects. With all the code in github it will help to undo this and help facilitate larger projects. Iāll talk about gaming. You look at the games here 100k this game 50k game that game, we should not be working against each other but assembling dream-teams and working on more large scale projects that end up with a budget like 3 million dollars - composed of many of these small 100k grants. You see how the foundation does it? Theyāre all working on the platform, SDK7 these huge projects with multimillion dollar bugdet. Thatās how a professional software product team rolls not 20k one small project, then start over, 20k next small project. Take example my proposal for shooting games - the proposal should be to add those flying beams to KOA or some other major projects where the code is on github and where Iām following the development process documentation. Many of the wearables - should be matching the themes of major projects. Build 3D objects - should contribute to major projects. Make music - should go into major projects.
I had this problem when I opensourced UNO. But I didnāt want to share the IP address of the server to avoid irregular behaviours being sent.
My server also hosted data that was working for other things that were not funded by the DAO. So developers canāt always be expected to split hairs.
Also if I built a profitable business in DCL then opensourcing it could destroy the income for everyone. One of the key components in competitive technology is playing cards close to your chest.
TLDR, why does this matter?
The GSS decides who gets their funding cut and disputes over opensource can be a reason for them to get picky. So maybe itās an idea to allow for some code not to be opensourced in certain situations. 
These are some issues I felt to point out before some kind of tenderā¦
Should all code generated using DAO funds be open source?
This proposal has been PASSED by a DAO Committee Member (0xfb1afa4dc069ffb47b19dbee196045d508fcd5a2)
If you hardcode those in your code, you have no business getting a grant 
We need this ASAP, the Foundation has an eslint config which could be a good start, but a proper coding style document would be great.
Why donāt you send me a link to where Decentraland documentation that shows how to use the DCL āsecretā like professional-grade programming languages have? You canāt because DCL doesnāt have that. Or if they do they keep it a secret instead of sharing to the community they send their fake accounts to mess with your land. Even after developers ask about this no answers.
If you actually knew something youād know that not every programming file can be accessed by the outside world web server chooses which files are public using the file extension. The typescript files for example arenāt directly accessible and are translated to unreadable javascript. Thatās what a secrets file is it only lives in the memory on the server, never served to public. 9 times out of 10 in the real world as a pro developer if you have the code you have the database password. My gawd stick with selling the Juno adult toys where you actually have a lot of knowledge bruh. Itās time to resign.
Probably if there was a grant to create ābest practices to create secure apps in DCLā you would certainly vote against it and send some hackers to destroy new users for sure. These mob boss legislators belong in prison. I donāt have a database password in my code, but I wonāt be surprised if some developer does because of the complete lack of documentation and features in this regard. Iām pretty sure the top hackers could eventually hack most apps in DCL except maybe some made by mob insiders because of this.
Ouch, I would be ashamed to ridiculise myself as you are doing right now.
Three whole paragraphs to say āI hardcode secrets and there is no other way aroundā with so much confidence. 
Please learn about .env files, environment variables, .gitignore and secrets managers.
I said send me the link to show dcl supports any of those. Yes SOME of those are the kind of technology Iām talking about. I have read every DCL documentation never do I see application secret is supported. Also gitignore has nothing to do directly with security. Thatās only to not check in the file. You should be ashamed Iām not only the supposedly coveted NEW USER, but NEW DEVELOPER all you ever do is trash on the new user and try to get rid of new developer. I highly recommend the foundation DAO to fire you and sue for embezzlement. Never once did anyone ever ask me how was your experience, do you need help with any question, is anything we can improve - only send the Juno sales man to attack, defund and the DAO fake accounts to hack my game.
You keep embarrassing yourself, son.
.gitignore prevents some files (.env containing secrets for example) from being uploaded to a git repository.
You donāt need a Decentraland documentation page to tell you that, thatās an 101 developer thing.
The Foundation and the DAO are two different entities. I am not part of the Foundation, and the DAO doesnāt have legal entity. You can start a vote to kick me out of the DAO Committee though, if you wish so.
Checking in to github is not the same as deploying to the land my gawd youāre clueless.
Similar old poll that didnt go to draft yet, but with GNU
Lately I was thinking Decentraland should describe its own License, but it needs too much time.