<blockquote>
<p><em>This is a Bisq Network proposal. Please familiarize yourself with the <a href="https://docs.bisq.network/proposals.html" rel="nofollow">submission and review process</a>.</em></p>
</blockquote>
<h1>Summary</h1>
<p>Rather than hosting downloads on GitHub (<a href="https://github.com/bisq-network/bisq/releases">https://github.com/bisq-network/bisq/releases</a>), I am proposing we host them on a self-managed server. This will be additional work on our part to manage the server and maintain the downloads, but potentially worth while in the end.</p>
<h1>Rationale</h1>
<p>Hosting downloads on a server that we (a trusted contributor) has full control over will be beneficial in the following ways:</p>
<ul>
<li>
<p><strong>Eliminate trust in GitHub.</strong> Not only do we currently trust that GitHub downloads don't become compromised, but also that they don't start censoring downloads or access to the project in general. This seems like a centralized point of failure. However, hosting source code on GitHub (or any centralized service for that matter) should be less of a concern as if there are any interruptions the impact should be minimal and not disruptive to the end users - only a disruption to development.</p>
</li>
<li>
<p><strong>Ability to switch version control providers with minimal end-user impact.</strong> If at some point we decide to switch to another version control service provider, all existing (outdated) client applications will still be checking for updates from GitHub since the URL is hard-coded.</p>
</li>
<li>
<p><strong>Provide deterministic source zips/tarballs.</strong> As is done with Bitcoin Core and stated on their GitHub releases page (<a href="https://github.com/bitcoin/bitcoin/releases">https://github.com/bitcoin/bitcoin/releases</a>), we should recommend to not use the source download links provided by GitHub but rather our own files which should be generated deterministically.</p>
</li>
</ul>
<h1>Responsibility</h1>
<p>We will either need a new role or utilize an existing role (and contributor) to take on this responsibility. I believe the <a href="https://github.com/bisq-network/roles/issues/63" data-hovercard-type="issue" data-hovercard-url="/bisq-network/roles/issues/63/hovercard">Bisq Maintainer</a> role would make sense since they handle the release process.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/bisq-network/proposals/issues/72">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AkpZtj_Vrh3rtNiZ4QBBcYbK6d1pDYK8ks5vMSIYgaJpZM4azrPH">mute the thread</a>.<img src="https://github.com/notifications/beacon/AkpZtoolP0TWqHsQMUwXf_4JAMwFSmobks5vMSIYgaJpZM4azrPH.gif" height="1" width="1" alt="" /></p>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/bisq-network/proposals","title":"bisq-network/proposals","subtitle":"GitHub repository","main_image_url":"https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/bisq-network/proposals"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Host downloads on self-managed server (#72)"}],"action":{"name":"View Issue","url":"https://github.com/bisq-network/proposals/issues/72"}}}</script>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/bisq-network/proposals/issues/72",
"url": "https://github.com/bisq-network/proposals/issues/72",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>