-
Notifications
You must be signed in to change notification settings - Fork 708
/
metadata.yml
78 lines (76 loc) · 3.42 KB
/
metadata.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
title: A Decentralized Protocol for Remunerating the Open-Source Ecosystem
abstract: >
Creating an open, public and stable registry for all open-source software
would empower projects to publish releases independently rather than rely on
third parties who assemble this irregular data into hundreds of separate
(and duplicated) systems. Package maintainers will publish their releases to
a decentralized registry powered by a Byzantine fault-tolerant blockchain to
eliminate single sources of failure, provide immutable releases, and allow
communities to govern their regions of the open-source ecosystem,
independent of external agendas.
tea incentivizes the maintenance of open-source by allowing network
participants to stake value against the packages they depend on and want to
secure. The tea protocol’s graph provides immutable package registration,
dependency requirements, package authenticity, and usage oracles to inform
the tea remuneration algorithm. Systematic inflation is distributed to all
packages based on that algorithm. If security or development issues are
found, developers can make claims supported by evidence against the package,
and slashing may occur. Members of the open-source community can review
packages for quality issues, and the protocol can respond to these reviews
by enacting proportional slashing events.
author:
- Max Howell
- Timothy Lewis
- Thomas Borrel
references:
- id: sources
url: https://github.com/teaxyz/white-paper
- id: cc
url: https://creativecommons.org/licenses/by-sa/4.0/
- id: nist
url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- id: reuters
url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA
- id: twitter
url: https://twitter.com/yazicivo/status/1469349956880408583
- id: w3
url: https://www.w3.org/TR/did-core/
- id: theregister
url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/
- id: fossa
url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/
- id: lunasec
url: https://www.lunasec.io/docs/blog/node-ipc-protestware/
- id: github
url: https://github.com/dominictarr/event-stream/issues/116
- id: zdnet
url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/
- id: threatpost
url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/
- id: fbi
url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618
- id: europol
url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication
- id: medium
url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502
- id: semver
url: https://semver.org/
- id: npmjsCrossenv
url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html
- id: npmjsLodash
url: https://www.npmjs.com/package/lodash
- id: npmjsChalk
url: https://www.npmjs.com/package/chalk
- id: npmjsLogFourjs
url: https://www.npmjs.com/package/log4js/
- id: arxiv
url: https://arxiv.org/abs/1207.2617/
- id: web3
url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html
header-includes:
- \usepackage{fancyhdr,ragged2e}
- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}}
- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}}
- \setlength{\headheight}{5\baselineskip}
- \pagestyle{fancy}
- \fancyfoot[LE,RO]{© 2022 tea.inc.}