All Core Devs Meeting #14
Meeting Date/Time: 2019/01/21 at 15:00 UTC
Aragon One updates from last call and current priorities (~5-10min)
- Identity: another forum post will be coming from Jorge on a simpler identity “tagging” system that can be implemented more readily than the fully baked ENS version
- Voting: SVRP PoC only scaled 10x so not as good as expected
- May look at different directions
- v1 of Aragon Network
- AraCon presentation will have a roadmap we commit to
- Includes proposals and dispute resolution
- Will fork off of Kleros’ current contracts
- Probably code freeze by end of
- Attempting to code freeze by end of this sprint
Aragon DAC updates from last call and current priorities (~5-10min)
- Focus on flock proposal
- Sync on next steps after rejection
- Re-group and apply again. Looking for funds for the next 3 months
- Most Important work in the past weeks: the CLI by Daniel
- Protofire. Waiting for results on the DAC flock proposal. There are things to be completed for M5. The work was blocked because of payments. The team wants to move forward contributing to the Aragon ecosystem
Aragon Autark updates from last call and current priorities (~5-10min)
- Happy to move to next round
- Cleaning and working on projects. This work needs more discussion.
- Web presence established
- UofT hacks – learnings from students hackathon. Put something together that summarise those learnings
- APM hackathon
- AraCon will be livestreamed
- Naming system for many repos was confusing, specifically aragonOS. It seems very challenging for devs that are not experience with web3 to interact with the current infrastructure
- Main driving motivation: get an internship, financial aid
- Tutorials & docs were lacking some relevant info, specifically on the new CLI features
- Redesign of the hack website to make it more aligned with the Aragon branding
- Delfi update: submit 2 PRs, almost done
- Chris was working on some features and documentation. He will take some time off from the project.
- Need to check with him where he left things of (submitted PRs)
- Daniel and Gabi working on a potential proposal for Nest about tutorials
Aragon apps holding web2.0 secrets
- TPS: putting this in the app cash but it’s not a secret?
- Make request with a bear token but not using the server secret. As soon as you use this token, it’s public.
- Simpler security model: per user instead of per application
- Is it important for Aragon apps to keep the secret? We don’t have a good solution for it right now. Perhaps using a secret data provider like Keep
- Using Enigma for short term instead of using Keep: Bingen was adapting the smart contract side to adapt it to the Aragon app.
AGP review results
- Perspective from devs on the Security proposal:
- We need a security audit for some sensitive features and in order to arrange this case by case basis takes too much time / won’t scale for rolling product releases
- They are very aligned with the project and taking the AGP process very seriously
- Concerns with the incentive structure
- Rolling audits can add a lot of value, the fees per audit makes sense
- ANT should be part of their compensation
- Scope of the security partner (they represent the entire network) - do the other Flock teams have the same access to the audits?
- We need to be careful with what apps, projects go under the auditors scope, they might not have capacity for auditing all.
- Might be worth for them to work on our security assumptions on the sandboxing and monolithic or cross contract interactions
- Considerations on their expertise (contract side & web stacks). It’s difficult to find a team that has expert resources on both stacks
- On our side, we could do more cross-team reviews/audits on specific apps
A1: Gorka, Brett, Paul, Luke, Delfi, Bingen, Pierre, Luis, Jorge, Maria, Paty
DAC: Gabi, Jeremy
Protofire: Leo, Manu
Autark: Kevin, Arthur