[bisq-network/projects] Research a solution for dynamically loading remote modules (#53)

chimp1984 notifications at github.com
Thu Apr 29 17:22:37 CEST 2021


> _This is a Bisq Network project. Please familiarize yourself with the [project management process](https://bisq.wiki/Project_management)._

## Description
Research a solution for dynamically loading remote modules.

## Rationale
For the multi-protocol / multi-blockchain project we need to support different blockchains and wallet modules. It would not scale to ship all those with the core application.
We need a model to load on demand what the user is interested to use. E.g. user choose to trade Zcash. The Zcash wallet and blockchain module is loaded and the user needs to connect it to their local Zcash wallet or install it. The local wallet installation will not be handled by Bisq only the interface module(s) which enables to talk to it (e.g. a rpc based interface).  

## Criteria for delivery
- A summary of the research and possible options
- A description of the proposed solution
- A prototype demonstrating the use case, the verification steps can be omitted for that 
- Cross check with the contributors working on https://github.com/bisq-network/projects/issues/52 to verify the solution meets their requirements.
- Optional: RFC like specification. Can be reduced to the critical parts like the cryto used for verification
	 
## Measures of success
The provided results are considered sufficient to be used as base for implementing the feature.

## Risks
- No solution found
- No sufficient progress
- Quality of investigation insufficient
- Solution does not fit goals or constraints of overall project

## Tasks
-[ ] Investigate and research options
-[ ] Design architecture 
-[ ] Demonstrate with a prototype basic use case
-[ ] Write up proposed solution 
-[ ] Optional: Write RFC

## Estimates
This investigation should be scoped from effort and time. I think teh scope of 2 weeks for 1 contributor should not be exceeded. According to that the contributor should post their expected compensation.

## Notes
The downloaded module need to be verified similar as we do the in-app download in Bisq using pgp keys and verifying the signatures. Pgp keys are shipped in the app so even if one manages to hack out Github accounts and change the keys there it would be detected. Only for first time users that would not help.
The download for the Bisq updates are not routed over Tor as Github does not support that and it would add a new burden to host ourself those binaries and would decrease security, download speed and reliability (Github is better suited to deal with it). I would suggest to keep that limitation and not take anonymous access for the download as a requirement (all what Github learns is that the user on that IP uses Bisq).
The solution should work with a min. set of dependencies and those dependencies should carry low risk. Techniques which might add security risks should be avoided.
Downloading the remote module is one task. How to start it from an running process is another open challenge and not clear yet if it is a requirement (requiring a restart can be ok, if on the fly integration is too difficult or comes with security risks). So that aspect should be clearified in the investigation as well.
There should be also the option to download (and verify) the modules manually.

There was an old project with an automated update process from the author of BitcoinJ: https://github.com/vinumeris/updatefx
Maybe there are useful ideas.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/projects/issues/53
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20210429/496a743a/attachment.htm>


More information about the bisq-github mailing list