kostko
commented
2 weeks ago An initial step that we can implement immediately could be to just have a backend that can fetch binaries via HTTPS. There would be two steps:
- Looking up the bundle URL from a known manifest hash. E.g. these could be implemented by having a repository of files where the filename is the Base16-encoded manifest hash. The content of the file would be just the URL to use.
- Fetching the actual bundle from the resolved URL.
As long as the manifest hash is available for verification on-chain, it should be fine. We can then gradually transition to a more decentralized version.
Either our own P2P protocol or we could just store them in IPFS or similar. We could simply chunk the bundle into equally-sized chunks and then provide those to peers. In order to reduce avenues for a DoS attack, only nodes that are registered for a given runtime would be eligible to request bundles.
There should also be support for hot-loading (e.g. without node restart) runtimes after they are fetched.