Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Plan for removing the sovrin token. #28

Open
wants to merge 5 commits into
base: master
Choose a base branch
from

Conversation

esplinr
Copy link

@esplinr esplinr commented Jan 24, 2021

No description provided.

Copy link

@askolesov askolesov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look really great! I've suggested only minor improvements.

text/5005-token-removal/README.md Outdated Show resolved Hide resolved
text/5005-token-removal/README.md Outdated Show resolved Hide resolved
text/5005-token-removal/README.md Show resolved Hide resolved
text/5005-token-removal/README.md Outdated Show resolved Hide resolved
text/5005-token-removal/README.md Outdated Show resolved Hide resolved
Copy link

@askolesov askolesov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work

@esplinr esplinr changed the title WIP Plan for removing the sovrin token. Plan for removing the sovrin token. Jan 30, 2021
Signed-off-by: Richard Esplin <[email protected]>
@esplinr
Copy link
Author

esplinr commented Jan 30, 2021

For reviewers: a convenient link to the PR for the Indy HIPEs that are linked in the SIP.

Three more recently discovered concerns.

Signed-off-by: Richard Esplin <[email protected]>
* It has only been tested on Ubuntu 16.04, which will reach end-of-life in March 2021. The plugin could break while upgrading the Sovrin Networks to newer versions of Ubuntu.
* It has only been tested on Python 3.5, which reached end-of-life in September 2020. The rest of Indy has been difficult to upgrade, so it is unlikely the token plugin will work.
* It depends on the deprecated [Indy Crypto](https://github.com/hyperledger/indy-node), the predecessor to [Hyperledger Ursa](https://github.com/hyperledger/ursa). Indy Crypto has not received security updates or other improvements since October 2019. Because the rest of Indy uses Ursa, there is an additional risk of a dependency conflict.
* It’s build process depends on the Sovrin deployment of Jenkins for CI / CD, which has not been maintained since early 2020. It is likely that the unit tests and system tests won’t run.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Jenkins CI/CD process(es) runs the tests in containerized environments. If the test run on a developer's machine, they will run on the equivalent containerized environment during the build process.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no confidence that the tests will run on a developer's machine.

Copy link
Member

@WadeBarnes WadeBarnes Feb 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current test failures are due in whole to dependency issues, details provided in the RC channels. Once those are addressed the tests will function in the containerized environments under Jenkins, or on a developers machine.

* It has only been tested on Python 3.5, which reached end-of-life in September 2020. The rest of Indy has been difficult to upgrade, so it is unlikely the token plugin will work.
* It depends on the deprecated [Indy Crypto](https://github.com/hyperledger/indy-node), the predecessor to [Hyperledger Ursa](https://github.com/hyperledger/ursa). Indy Crypto has not received security updates or other improvements since October 2019. Because the rest of Indy uses Ursa, there is an additional risk of a dependency conflict.
* It’s build process depends on the Sovrin deployment of Jenkins for CI / CD, which has not been maintained since early 2020. It is likely that the unit tests and system tests won’t run.
* It's testing process depends on [Indy SDK](https://github.com/hyperledger/indy-sdk/), which [has an uncertain future](https://github.com/hyperledger/indy-sdk/pull/2329) as development is focused on [Indy-VDR](https://github.com/hyperledger/indy-vdr/).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indy-sdk 1.16.0 was built 2021.02.21, moving forward, testing would need to migrate to the tools adopted by the community. This would be the same for indy-node.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. But we have volunteers to do that work for indy-node, and no one to do that work for the token.

@WadeBarnes
Copy link
Member

Without the plugin (once the ledger has been frozen and the plugin removed) how can the ledger history be validated when there have been transactions processed by it?

@esplinr
Copy link
Author

esplinr commented Feb 25, 2021

Wade asks:

Without the plugin (once the ledger has been frozen and the plugin removed) how can the ledger history be validated when there have been transactions processed by it?

The SIP explains:

Sovrin StagingNet is a stable ledger for demonstration and testing purposes. It is widely used even though no guarantees are made about the history of StagingNet. It is intended to be reset regularly but has never been reset in practice.

Sovrin BuilderNet is used to test new Indy releases for stability before the other Sovrin networks. It is useful for developers building solutions, but makes no guarantees about preserving history. BuilderNet was reset in June of 2020. It has an initialized token ledger and a history of only a few token transactions that include two SET_FEE transactions.

This policy is based on the Sovrin Steward Technical and Organizational Policies v2:

  1. If at any time for any reason Personal Data is discovered on the Permissioned Test
    Network:
    a. The Sovrin Foundation MUST be notified immediately.
    b. Within 48 hours of notification, the Sovrin Foundation MUST reset the Permissioned Test Network to erase the Personal Data.

But per @WadeBarnes 's suggestion, I made it more explicit here:

  1. The history of transfers of value will be unrecoverably lost when the token ledger is dropped during the plugin removal. This is appropriate, because token transactions are only on the test networks (StagingNet and BuilderNet) where the history is not expected to be permanent (see Sovrin Steward Technical and Organizational Policies section "Permissioned Test Network Policies").

Edit from @WadeBarnes:
This covers the scenario where the ledger is dropped. What if the ledger is retained? i.e Ledger frozen, ledger (data) retained, plug-in removed (uninstalled).

@esplinr
Copy link
Author

esplinr commented Feb 26, 2021

This covers the scenario where the ledger is dropped. What if the ledger is retained? i.e Ledger frozen, ledger (data) retained, plug-in removed (uninstalled).

I don't see how that is relevant to this SIP. Operation of the network is unaffected either way. We put in the extra effort to cleanly remove the data by dropping the ledger, because we want to leave the network in the best state for long term maintenance.

  • On MainNet, keeping an additional empty ledger around forever could cause us future complications simply due to the added complexity. Years in the future, it won't be obvious what the unused empty ledger is for.
  • On StagingNet and BuilderNet, I don't see why we would retain test data on a test network that by policy can be deleted at any time.

But it doesn't really matter either way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants