With the grants and bounty program slowly taking shape, I think opening up the site for contributions would make a lot of sense. Is there a reason it isn’t right now?
I think there’d definitely be a lot of good for that, because we could integrate several of the existing dashboards and explorers into the rocketpool.net site (even if just as an iframe or redirect to the other tools).
I think Joe told me that part of the reason it’s not is to prevent scam sites from popping up. Well, looks like it’s not stopping people.
I wouldn’t expect this to be foolproof, but closed source may be preventing the scam site problem from becoming worse. That said, closed source has other downsides, like preventing people from learning about how the protocol works and reducing trust in the security of stake.rocketpool.net.
I’m also in favor of open-sourcing the website because of this.
It would be a shame for anyone to prefer buying rETH on an open source front-end market simply because they can verify the stack all the way down to the contract. If rocketpool.net isn’t open-sourced, someone will come along and create an open-source staking site eventually anyway.
Taking it a step further, can the community simply take ownership of the website? Genuine question and I’d like to make a case for why this is net-positive for the product and team.
- We have a better web property (rocketpool.fi). .net has never been in vogue and lately has been a TLD of choice for copycats and scammers. This is one factor contributing to a “scammy” feel that some users report when visiting the website.
- Better designs (examples below).
- Website could be open-sourced and accepting of community contributions per suggestion above.
- Team could retain ownership of the website via Github and be involved as much or little as they’d like. Ideally this would take some pressure off the team so they can focus on other dev efforts. Win-win.
Community-led branding/website examples:
- Ex 1, @coop.eth’s DAO proposal: New Design for RocketPool's Website
- Ex 2, @ccleaver.eth’s branding ideas: Discord
All in favor of opening up the rocketpool website. It would allow a faster development cycle by allowing the community to directly contribute.
Currently with the website(s) being closed source, we have around 2-3 sinister (scam, phishing, harmful to the brand, fraudulent, etc.) sites per month being reported.
The team would like to open source the website(s) and receive contributions from the community, however we have concerns around the increased risk exposure for sinister sites to be created.
Open sourcing the website(s) would make it extremely easy for sinister sites to be deployed which could:
- increase confusion for new users
- increase the likelihood that users could get scammed or have a bad first experience, damaging the the Rocket Pool brand
- increase the likelihood that sinister websites will be deployed to countries outside legal jurisdictions for take downs
- increase the time spent by the team attempting to get sinister sites taken down
An increased population of clone websites (sinister or not), weakens our legal position when attempting to get sinister websites taken down.
Happy to discuss.
Public web sites can be cloned quite easily without source code.
Can’t legal cloning of the site be prohibited through the chosen license and Rocket Pool trademarks? If so, then you’re only dealing with sinister sites, and I’m not sure it’s a given that open sourcing would result in an increase in sinister sites.
While open source code might make a scammer’s job slightly easier, I believe this is offset by the greater benefit which open source provides via community-driven bugfixes and contributions.
As @14d9 said above, it’s relatively easy to duplicate a website even without the source code, so the only protection provided is against the laziest of malicious actors.
I can’t speak to the legal situation, however, and if there are a high number of scam sites being created regularly, I understand wanting to minimize the effort needed to issue takedown requests.
As an in-between, might there be room for generously permissioned community access here? I think there’s folks that want to contribute and have longstanding community presence. All we really need is for the bar to get invited to be significantly harder than copying without source.
I don’t think we can argue that a front-end interface will keep scammers away or even make their operations harder at all. Determined ones will always find a way to do what they want, and it’s already clear based on some obvious copycat scam sites that worked well without needing the source.
Now is a time more important than ever to make interfaces open source because of the recent censorship events. We cannot make the claim that rocketpool is truly decentralized and trustless if there are obvious centralized and trusted components in the system. If there are bugs or other problems, the community will be able to help if it is open source.
If we already own another domain and no open sourcing is done with the .net site, I say we take it into our own hands to develop an alternative site and encourage everyone to use it. We own rocketpool anyway, literally
I can help with basic things if need be, front or back end. but, I am not very good with pretty design stuff.
IMO the cost of not being able to accept community contributions is greatly outweighing the benefit of making it very slightly harder to clone. Can we get a renewed consideration of this?
If the team really doesn’t want to open source a middle-ground might be keeping a private repo with approved/trusted contributors.
Our brand is genuinely hurting our legitimacy and growth and a simple website refresh would do wonders.
I’m in favor of open sourcing the website. Use the vast skills available in our community.
If the website gets shutdown for whatever reason, the community should have a reliable source code to spin up a clone. If not, it will give scammers, who already have a scammy-clone, an easy way to scam.
This is literally the reason why all large defi projects have their front end code open sourced.
I second that, I feel like this is the way to go for a project that aims to be “open source, decentralized”. Scammers gonna scam anyway. The argument that the website not being open source makes it harder sounds a bit to me like when people advocate for closed source when it comes to not getting hacked.
Obviously depending on the law it may changes stuff I’m not aware of when legally trying to close those websites. I think things like the license mentionned above should be explored.
On top of that the current website is… Not the the best ! I’m sure the community could give it a boost for free (almost)
I absolutely support that.
I can’t believe we as a community even have to fight for that. There are literally several people out there who already provided demos of a new layout for free.
Would this be a bad thing? Having multiple non-scam front-ends arguably encourages decentralization of front ends.
That being said, I like the idea of the rocketpool.net front-end being open source to allow community contributions, but I also think it’s possible to create a separate open-source community frontend even without having rocketpool.net source.
I volunteer to help with an open source frontend, if someone else can help with design work. We need Rocket Pool to be more decentralized now. No word from the core team, means that we will have to make a decision ourselves.
We do not want to be laughed at as a “decentralized” service with a centralized closed source front end after the censorship the ETH community saw this year. All development should be opened up, especially because we supposedly have a stake in the protocol via RPL. As a community we should be able to say we own Rocket Pool.
One avenue is to create an RPIP mandating some open source front end, maybe allocating a small amount of RPL for a job well done. Even just creating the RPIP will raise more awareness.
Appreciate the enthusiasm here! I humbly suggest that, instead of a separate RPIP, the community put together a grant application which can go to the GMC, presuming that eventually gets passed. @calurduran is working on an RPIP for that here: Grants Committee Draft RPIP - Google Docs
Also see discussion on the GMC here: Discord
That is a good suggestion, thank you. But I also think we should not wait for GMC before we start developing. Maybe the front end project would be considered for a retrospective award, except we would not be able to create the proposal for our own retrospective award according to that document.