ethereum / ethereum-org

[ARCHIVED] ethereum.org website from 2016-2019. See https://github.com/ethereum/ethereum-org-website for current version.
GNU Lesser General Public License v3.0
408 stars 1.39k forks source link

New, more resilient warrant canary #844

Open leafcutterant opened 6 years ago

leafcutterant commented 6 years ago

The current warrant canary on Ethereum.org is a simple one, sitting at the bottom of the main page, simply stating what canaries usually state.

While I appreciate that the EF has a canary at all, I'm confident in my opinion that this canary is very lacking compared to how influential an organization it serves.

For this reason, I propose upgrading the canary mechanism to a new, more resilient one. This could manifest in several features, some of which could be implemented independently from other ones. These include:

evertonfraga commented 6 years ago

There's an EIP for that, created by @ligi https://eips.ethereum.org/EIPS/eip-801

leafcutterant commented 6 years ago

Awesome, I was unaware of ligi's work!

EIP-801, once worked out, could be the way to do it in the dapp way.

In the meantime, the rest are the best ideas I've got.

ligi commented 6 years ago

Thanks for bringing this up @leafcutterant and the ping @evertonfraga! Not sure if we should go for a 'workaround' here - unfortunately workarounds tend to stay - would love to see this directly done as a dApp. This could also be great dogfooding. Really like to see use-cases of Ethereum like this apart from money. I was talking to @Souptacular once - and he was open to using 801 on the website.

leafcutterant commented 6 years ago

unfortunately workarounds tend to stay

That's a very good point. Two solutions would also split attention and slow things down.

I'm torn because on one hand, I think we are in critical times and find that the security the current canary can provide is simply insufficient for EF & co., while on the other, the dapp approach is really the way to go. So I would really like to see just some low-tech improvement to the current canary that requires minimum energy (e.g. one PGP signature, 3 months frequency) — but other other than that, I'm all for EIP-801.