1
0
forked from cheng/wallet
wallet/docs/setup/contributor_code_of_conduct.md

251 lines
12 KiB
Markdown
Raw Normal View History

---
title: Contributor Code of Conduct
...
# Peace on Earth to all men of good will
May you do good and not evil. May you find forgiveness for yourself and
forgive others. May you share freely, never taking more than you give.
# Operational Security
A huge problem with software that relates to privacy and/or to money is
that frequently strange and overcomplicated design decisions are made,
(passive tense because it is strangely difficult to find who made those
decisions), decisions whose only apparent utility is to provide paths for
hostile organizations to exploit subtle, complex, and unobvious security holes.
McAffee reported that this is a result of plants - the state plants engineers
in nominally private organizations to create backdoors. Shortly after he
reported this he was arrested and murdered by the US government. (To be
precise he was arrested at the instigation of the US government, and then
"mysteriously" murdered while in prison. Prison murders remain
"mysterious" only if carried out by the state.)
These holes are often designed so that they can only be utilized efficiently
by a huge organization with a huge datacentre that collects enormous
numbers of hashes and enormous amounts of data, and checks enormous
numbers of hashes against an even more enormous number of potential
pre-images generated from that data.
Another huge problem is that if we get penetrated by enemy shills,
entryists, and buggers, as the Patriot Front is and the Jan Sixth protestors
were, we are likely to wind up like the January sixth protestors, who as I
write this are imprisoned indefinitely being tortured by black guards
recently imported from the northern part of black Africa, awaiting
trial with no likelihood of any actual trial for years.
## No namefags
A participant who can be targeted is likely to introduce unobvious security
flaws into the software architecture. All contributors should make some
effort to protect themselves against a third party subsequently coercing
them to use the reputation that they have obtained by contributing to make
subsequent harmful contributions.
All contributors will use a unique name and avatar for the purpose of
contributing to this project, and shall not link it to other names of theirs
that are potentially subject to pressure. In the event of videoconferencing,
the participants shall wear a mask over the lower part of their face that
conceals the shape of their mouth and jaw and a rigid hat like a fedora that
conceals the shape of the upper part their head.
Apart from your mouth, the parts of your face that communicate non
verbal information turn out to be surprisingly useless for identifying
individuals.
If you wear glasses, should not wear your usual glasses, because facial
recognition software is very good at recognizing glasses, and easily
distracted, confused, and thrown off by unusual glasses.
Even if there are gaping holes in our security, which there will be, and
even if everyone knows another name of a participant, which they will, no
need to make the hole even bigger by mentioning it in public. People who lack
security are likely to result in code that lacks security. They come under
pressure to introduce an odd architecture for inexplicable reasons. We see
this happening all the time in cryptographic products.
# Code will be cryptographically signed
Of necessity, we will rest our developer identities on GPG keys, until we
can eat our own dogfood and use our own system's cryptographic keys.
Login identities shall have no password reset, because that is a security
hole. If people forget their password, they should just create a new login
that uses the same GPG key.
Every pull request should be made using `git request-pull`, (rather than
some web UI, for the web UI is apt to identify people through the domain
name system and their login identities.)
The start argument of `git request-pull` should correspond to a signed
commit by the person requested, and the end argument to a signed and
tagged commit by the person requesting.
When creating the tag for a pull request, git drops one into an editor and
asks one to describe the tag. One should then give a lengthy description of
2023-02-23 22:21:15 -05:00
one's pull request documenting the changes made.
When accepting a pull request, the information provided by the requestor
through the tag and elsewhere should be duplicated by the acceptor into
2023-02-23 22:21:15 -05:00
the (possibly quite lengthy) merge message.
Thus all changes should be made, explained, and approved by persons
identified cryptographically, rather than through the domain name system.
# No race, sex, religion, nationality, or sexual preference
![On the internet nobody knows you are a dog](../images/nobody_know_you_are_a_dog.webp)
Everyone shall be white, male, heterosexual, and vaguely Christian, even
if they quite obviously are not, but no one shall unnecessarily and
irrelevantly reveal their actual race, sex, religion, or political orientation.
2023-05-05 21:31:26 -04:00
Unnecessarily informing people one is female or Jewish or nonwhite
should get similar treatment to unnecessarily informing people one is a
pure blooded Aryan.
All faiths shall be referred to respectfully. Even if they happen to be
making war on us, this software may not be very relevant to that kind of
warfare, in which case that discussion can be held elsewhere.
All sovereigns shall be referred to respectfully, if they are referred to at all,
which they should not be. If this software is likely to frustrate their
objectives, or even contribute to their overthrow, no need to make it
personal, no need to trigger our enemies. War will come to us soon
enough, no need to go looking for it.
# No preaching supererogation
Status must be on the basis of code, good code, and clever code, not on
cheap claims of superior virtue.
When someone plays the holier than thou card, he does not intend to share
what we are sharing. Out of envy and covetousness, he intends to deny us
what we are sharing, to deny us that which is ours.
If he is holier than we are, he not only wants what we have, which we will
gladly share. He wants us to not have what we have.
Christians are required to turn the other cheek, and people attempting to
maintain a politically neutral environment need to turn the other cheek.
But you very quickly run out of cheeks, and then it is on. You cannot be
politically neutral when the other guy is not being neutral. You have to
bring a gun to a gunfight and a faith to a holy war. People who start
politics in an environment intended to be politically neutral have to be
purged, and a purge cannot be conducted in a politically neutral manner.
You have to target the enemy faith and purge it as the demon worshiping
heresy that it is, or else those attempting to maintain political neutrality
will themselves be purged as heretics, as happened to the Open Source and
Free Software movements. You may not be interested in war, but war is
interested in you.
We want to maintain a politically, racially, religiously, and ethnically
neutral environment, but it takes two to tango. You cannot maintain a
politically neutral environment in a space where an enemy faction wants
their politics to rule. Neutrality cannot actually be neutral. It merely means
that the quietly ruling faction is quiet, tolerant of its opponents, and does
not demand affirmations of faith. If an enemy faith wants to take over,
the ruling faith can no longer be quiet and tolerant of that opponent.
## No claims of doing good to random unknown beneficiaries
We are doing this for ourselves, our friends, our kin, and our posterity, not
for strangers a thousand miles away, and we only care about strangers a
thousand miles away to the extent that they are likely to enable us to make
money by making them secure.
If someone mentions the troubles of people a thousand miles away, it
should only be in the frame that we will likely have similar troubles soon
enough, or that those people a thousand miles away, of a different race,
religion, and language, could use our product to their, and our, mutual
advantage, not because he cares deeply for the welfare of far away
strangers that he has never met in places he could not find on a map.
## No victim classes, no identity politics, and no globalism
The Open Source and Free Software movements were destroyed by
official victimhood. Status and leadership must be on the basis of code,
good code, and clever code, not on cheap claims of superior oppression.
The experience of the Open Source and Free Software movement
demonstrates that if victimhood is high status, code and code quality must
be low status. If victimhood is high status then “you did not build that”.
Rather, if victimhood is high status, then good code, silicon fabs, and
rockets spontaneously emerged from the fertile soil of sub-Saharan Africa,
and was stolen by white male rapists from the brave and stunning black
warrior women of sub-Saharan Africa, and social justice demands that the
courageous advocate for the brave and stunning black warrior women of
sub-Saharan Africa takes what you have, what you gladly would share,
away from you.
Unless, when a female contributor unnecessarily and irrelevantly informs
everyone she is female, she is told that she is seeking special treatment on
account of sex, and is not going to get it, no organization or group that
attempts to develop software is going to survive. Linux is a dead man walking.
# Style
Contributions should be gpg signed.
Never use any email address on a gpg key related to this project
unless it is only used for project purposes, or a fake email, or the
email of an enemy. We don't want Gpg used to link different email
addresses as owned by the same entity, and we don't want email
addresses used to link people to the project, because those
identities would then come under state and quasi state pressure.
if you add the recommended repository configuration defaults to your local repository configuration
```bash
git config --local include.path ../.gitconfig
```
This will implement signed commits and will insist that you have `gpg` on your path, and that you have cohfigured a signing key in your local config, and will refuse to pull updates that are signed by a gpg key that you have not locally trusted.
This may be inconvenient if you do not have `gpg` installed and set up.
It also means that subsequent pulls and merges will require you to have `gpg `ltrust the key `public_key.gpg`, and if you submit a pull request, the puller will need to ltrust your `gpg` public key.
`.gitconfig` adds several git aliases:
1. `git utcmt` to do a commit without recording your timezone in the git history
1. `git lg` to display the gpg trust information for the last few commits.
For this to be useful you need to import the repository public key
`public_key.gpg` into gpg, and locally sign that key.
1. `git graph` to graph the commit tree with signing status
1. `git alias` to display the git aliases.
```bash
# To verify that the signature on future pulls is
# unchanged.
gpg --import public_key.gpg
gpg --lsign 096EAE16FB8D62E75D243199BC4482E49673711C
```
We ignore the Gpg Web of Trust model and instead use the Zooko
identity model.
We use Gpg signatures to verify that remote repository code
is coming from an unchanging entity, not for Gpg Web of Trust. Web
of Trust is too complicated and too user hostile to be workable or safe.
Never --sign any Gpg key related to this project. --lsign it.
`gitconfig` disallows merges unless you have told `gpg` to trust the
public key corresponding to the private key that signed the tip of
the root. So part of the pull request process is getting the puller to
trust your public key, and you will not be able to pull updates
unless you tell `gpg` to trust the key that is in the root directory as
`public_key.gpg`.
Never check any Gpg key related to this project against a public
gpg key repository. It should not be there.
`gitconfig` disallows merges unless you have told `gpg` to trust the public
key corresponding to the private key that signed the tip of the root. So part
of the pull request process is getting the puller to trust your public key, and
you will not be able to pull updates unless you tell `gpg` to trust the key that
is in the root directory as `public_key.gpg`.
`.gitconfig` also imposes a whitespace style.