The Dangers of GitHub and the Importance of Code Collaboration as a Protocol: Radicle
In today’s ever growing hostile world, code collaboration platforms like GitHub and Gitlab are a potential hazard. In this Article I want to make the case why we need “Code collaboration as a protocol” and why it would address potential issues as well as improving Developer Experience.
By the end of this post I hope to answer the following questions :
- What are the current issues with Github/Gitlab ?
- What benefits would a protocol for Code collaboration give to Software developers and OSS?
- What is Radicle? How does Radicle fit in this Story?
What is wrong with Github/Gitlab/etc ?
GitHub and Gitlab are important tools that help us collaborate on code. Built on top of the Git protocol they let us share code and useful metadata: project issues, community discussions, user profiles, and project history.
Git helps us share and track changes to code, while code hosting platforms provide a way for us to interact as a community, managing things like our online identity and project visibility.
🚫 Arbitrary access
In the last years we have been experiencing an increasingly hostile and politicised environment for sharing ideas and this has been extended to collaboration tools like Github/Gitlab which have to abide to local legislation.
- 🚫 Banning individuals from particular countries/nationalities:
As the world is taking a turn towards conflictive geopolitics , it is worth asking whether you yourself might might be an innocent casualty:
Q: What if my country of birth makes a bad decision that I can’t control, but then I face sanctions just because I was born there?
2. ❌ Removing specific projects (on legal grounds):
- GitHub takes down YouTube video download tools after an RIAA notice
- Circle, GitHub Comply With Tornado Cash Sanctions
Q: What if the project I am working on suddenly becomes unpopular or controversial?
3. 🔐 Limiting freedoms to run, copy or extend a piece of software? (GNU philosophy)
I picked an extreme and controversial example, but you get the gist.
My GitHub profile is a combination of my identity and portfolio. It showcases my contributions and interests. It’s important to me personally and also serves as a tool when I’m searching for a new job or when potential employers are looking for me.
As we currently stand our user profiles could be deleted at any time. We deal with all the classic issues of identity in closed social media platforms: you don’t own it.
An interesting point is that not many people sign their commits on Github or Gitlab. Signing commits is as far as I understand the only way to convey identity via the Git protocol.
🏛 ️Lack of Governance for decentralised projects
Github governance goes as far as having roles per project (Admin, contributor). However there is a new class of Software projects: Decentralised projects, Crypto projects, DAOs..
At least in principle these are requiring new tooling for Governance.
Under the Github/Gitlab principles there is no space for these new emerging needs for Governance.
An Open protocol would allow anyone to implement whatever governance mechanisms they need to operate
Code collaboration as a Protocol
If we think of code collaboration as a protocol rather than a platform, anyone can both access and create data that follows that protocol. This means that repositories, code, issues, users, and comments would all be open and organized in a similar way to how we manage code repositories.
Anybody would be able to implement a custom client if need be, or even extend the protocol to include new data. Anybody would be able to provide a specific implementation of the protocol.
Radicle is such a protocol implementation
Radicle is an Open source code collaboration Protocol. It keeps git at the core, but it builds the GitHub/Gitlab parts as a protocol. Issues, project discovery, governance , project funding all of these are part of the protocol .
Please bare in mind that in this article I am trying to explain why Radicle is relevant and not the technical minutia of how it operates.
Data in Radicle is stored and distributed via P2P using a protocol that is being implemented called heartwood . You can currently use Radicle even though heartwood is in development.
What does Radicle entails?
- Repositories can’t be censored
- OSS protocol and clients to access protocol data
- Git workflow is kept identical.
- Repositories come with extra data : Issues, PRs..
- OSS funding via crypto rails
Radicle comes battery ready when it comes to identity.
You can’t use Radicle without having a private key first. By default this means your git commits are signed: Your identity is your private+public key. Everything (Issues, commits, comments, patches ) under Radicle is signed using your identity (Keys).
Radicle also allows you to connect your identity with an ENS (Ethereum Name Service) domain. Because the data running under the protocol is open, it opens up a lot of possibilities. For example, cryptocurrency projects could use your ENS and contributions to improve your credit score or make you eligible for open-source software donations.
❌ Github/Gitlab: A story of Bad defaults for identity
Git was designed to be a decentralized protocol, which means that there is no aspect of the protocol that verifies a user’s identity against a database of users. One way to prove that you are who you claim to be is by signing commits using a private key. This means that you use your private key to add a digital signature to your commits.
On platforms like GitHub signing your commits is an option and not the default, I believe this is a bad default.
🛠️ Tooling: An Open Ecosystem
As radicle is a protocol and not a platform, anybody is able to write clients or integrations to leverage the data within the protocol.
You don’t like the current client displaying issues or diffs for PRs?
you could fork your existing client and make it your own
Github/Gitlab are closed ecosystems, we rely heavily on whatever is on their roadmap.
With an open protocol, we as a community would have the ability to move in the direction we want, rather than being dependent on corporate roadmaps. This could give rise to new companies that focus on creating the best tools, rather than having just a few giant companies monopolizing network effects and wealth.
💰 OSS Funding
I think that Radicle could also have a big impact on open-source software funding. I saved this topic for last because I was afraid it might scare off people who are not interested in cryptocurrency. However, Radicle is set up in such a way that it could revolutionize the way we fund open-source software using cryptocurrency.
Radicle sets the rails for Crypto currency in the protocol:
- Having crypto at the core of OSS fundings means it would help avoid cases where Crowdfunding get censored because of Political stances.
- It could introduce new mechanics, for example : issue solving incentives. You want your issue to be resolved sooner? then you can incentivise developers with a bounty.
- Radicle Drip protocol is a crypto protocol being built by the Radicle team. It allows people to make donations to a project. It automatically distributes the donations to the contributors in a transparent manner.
- This kind of railing might allow for tighter accountability and maybe new ways for Software developers to find jobs
🏛 Decentralised Governance models: DAOs
Currently Github repos are managed via Organizations where there are some Admin and contributor Roles. Under a protocol these mechanism could be abstracted and implemented in different ways. One alternative would be to copy Github mechanism and have equivalent Admins/Contributors role.
Another implementation could provide Governance via a DAO.
Code itself is an asset for an organisation and under a DAO choices made on it could be leveraged via “smart contracts”.
A few escenarios coming out of my head where DAOs could play a role in governance are:
- Deciding The roadmap of a product
- Deciding what direction to go when there is a fork on the road
Radicle itself is governed via a DAO. I know very little about DAOs but I suspect Radicle itself could be implementing a lot of the tools to let DAOs have ownership of Code artefacts.
⚡ Is Radicle a Crypto project ?
Radicle might be tagged as a crypto project but I find it confusing to do so.
Radicle has a coin which uses for the governance of its development: In other words is backed by a DAO.
The protocol implementation is totally crypto agnostic. However radicle sets the rails for crypto payments and crypto incentives for OSS . Radicle community is obviously crypto friendly and I can imagine there will be a lot of experimentation with crypto technology for OSS incentives.
The punchline here is : you can use Radicle and opt out of its crypto features if you want.
🤔 Final thoughts
You can think of Code collaboration as a protocol the same way that you think of Twitter vs Nostr/Mastodon. The Twitter migration have sparkled a lot of development and enthusiasm as Mastodon/Nostr are built on open protocols.
I did not go into any details on how Radicle works in this article, I wanted to make a case on why it is relevant as of early 2023.
My experience using Radicle’s CLI
I tried using Radicle in December 2022 and it was a really interesting experience. I definitely want to continue using it as the Radicle team works on implementing their vision. As a developer, I’m interested in having control over the identity under which I make contributions. I’m also interested in seeing how future software development projects could be funded, and potentially discovering new ways to get hired as a developer.
As of today Radicle is still in early stages and at best they have created a very promising MVP. If you were to try it at the time that this article is published you would probably find some rough edges. You can think of it as an opportunity to contribute either with your code or ideas.
It’s a common theme in the news and on YouTube, but it really feels like our world is entering a multipolar stage. In this stage, it seems like geopolitical parties don’t trust each other and try to undermine each other. The software community has always been open to anyone based on their contributions, regardless of factors like age, location, nationality, gender, etc. If we want to continue collaborating together, it seems like we might need a code collaboration protocol. Until a few years ago, I thought that GitHub was good enough, but under the current context, I believe that relying too heavily on these tools is a disaster waiting to happen.
Finally, I wrote this article entirely from a Software Engineering perspective. I am curious about building Software. I know very little about Crypto investments and this blog post is not advising you to buy or sell any type of crypto asset.