Soon, we will complete all steps regarding decentralization of our token, v4 smartcontracts & treasury. Which is awesome!
But that lead me to another dilemma: Ocean is more than that. We have backend components, frontend, etc. How to protect them in a catastrophic scenario like :
malicious actor gets full github access and deletes the project (although we have all necessary precautions in place now)
github as org disappears over night
etc
Proposal:
We already use releases for almost all of our repos. What if, for every release, we are going to create a source.tar.gz and publish it to IPFS ?
Create new github actions flow for every repo, that is triggered on release and does:
[ ] spins local ipfs node
[ ] creates a tar.gz archive of source code
[ ] uploads archive to ipfs and gets the CID
[ ] pins CID using one or more public services like Piniata
[ ] tweet that release and CID, so other people can find it later
Soon, we will complete all steps regarding decentralization of our token, v4 smartcontracts & treasury. Which is awesome! But that lead me to another dilemma: Ocean is more than that. We have backend components, frontend, etc. How to protect them in a catastrophic scenario like :
Proposal: We already use releases for almost all of our repos. What if, for every release, we are going to create a source.tar.gz and publish it to IPFS ?
Create new github actions flow for every repo, that is triggered on release and does: