Politeia: Proposals in a Timestamped Filesystem

A project from the Decred community re managing proposals.


The rough idea is “git plus timestamping”, and rather than reinvent the wheel, Politeia makes direct use of git for revision control. Git is an excellent tool for revision control, but it gives only limited assurances as to when a particular change was made, e.g. you can recreate a git repository with fake timestamps without much effort. As you can imagine, this ability to arbitrarily recreate a git repository makes it a less-than-ideal candidate for creating an indisputable format for recording data. However, by adding cryptographic timestamping to git, we obtain a means of recording data that cannot be arbitrarily rewritten. Episodically “anchoring” a repository’s commit hash into the Decred chain using dcrtime and then committing the anchor data to the same repository creates a time-ordering that is computationally infeasible to recreate.

For Decred, Politeia will provide an unalterable public record of proposals, comments on proposals, and stakeholder votes. Although Decred will be using Politeia in a public capacity, it can provide similar utility as a private unalterable store of data. This generic concept of versioned and timestamped data can be applied in numerous public and private use cases, e.g. document and record storage, reputation and identity systems, and supply chains.

Honestly, even though the concern about git is valid, I don’t know whether in practice it will ever be an issue. Git projects can be forked so it would be really hard to pull off a rewrite of merged proposals w/o getting noticed. That being said, this is still an interesting project and I anticipate their launch.


Thanks for sharing! To help me understand better, how do you see this being applied to Grin?

I think authoring past non-broken code is the main measuring stick of dev trust; if/when the state really starts to attack cyptro, that git is owned by mircosoft who were not on the right side of history for the encryption debate of the 90’s(and probably still not cough; but you know cipher punks are crazy for about 10 years before being proven right) could be a concern and breaks the trust model of speculators.

Latin char soup rapidly excludes people from understanding everything; so you trust a dev team. If someone can copy the code and claim to be the authors all along if git becomes untrustworthy its a problem.

If someone does make the thing, reuploading the code signed would be a nice bit of security.

I haven’t thought through applying this to Grin but I wanted to bring it up w/ respect to the risk management doc. Doing something secure about git helps mitigate the issue of a developer getting hacked or intentionally trying to hurt Grin in different ways.

Another good thing to do would be to mirror the organization across hosted git services (eg. gitlab.com) and/or on a self-hosted server like gitlab or gogs and ensure the use of separate credentials across services.

I am also assuming that once the mainet is released, the community will adopt a public proposal process* where proposals to protocol updates and new features will be peer-reviewed and stored in git. One more reason to pay some more attention to it.

*GIP, GRIP, GREP? :slight_smile:

1 Like

Politeia is now released in production: https://blog.decred.org/2018/10/15/Politeia-in-Production/