Towards decentralized alternatives for code collaboration: building Radicle, a peer-to-peer network for code collaboration (Alexis Sellier (cloudhead)) [FOSDEM 2020]

link slides

Git is used for collaboration, but it lacks a few things: discovery of patches, finding the canonical source, and control over the social artefacts (bugs, reviews, …).

Two solutions exist for that at the moment: mailing lists, with all their limitations, and forges. The problem with forges is that they tie you to a service.

Peer-to-peer systems have a few advantages over this. They are more resilient: economically (they survive the service provider going out of business), politically (they can’t simply be shut down) and technically (for the same reason: there is no single point to take down).

For example, Secure Scuttlebutt is a protocol for a peer-to-peer social network. In Scuttlebutt, a user replicates all the data of their friends and friends-of-friends, so everything exists in a few copies but nobody needs to store the whole world. Identities are cryptographic, and this limits access.

Can we do something similar for code collaboration? Radicle is basically git + peer-to-peer. It is offline-first (git). It is secure because everything is signed with ECDSA. It uses the network setup of Scuttlebutt, but with remotes playing the role of “friends”. It borrows the key management model of TUF (The Update Framework), which can deal with lost and compromised keys. git is used for storage; git was designed for the “bazaar” model anyway, which matches P2P very well.

With Radicle, each user has two copies of the repository: a working tree, and a hidden replica that is automatically synchronised with peers. You push and pull to/from the replica. The replica stores a second level of remotes (friends-of-friends). It also has internal branches for metadata: project for project metadata and contributor for the user’s metadata. The working model is pretty much normal git: git push publishes your state.

The project metadata has a list of maintainers. An update to it must be signed with the key of one of the maintainers.

The contributor metadata contains the signatures of the commits done by that contributor.

Radicle publishes an announcement when a new ref is pushed, and it pulls the changes when it receives such an announcement. When pulling, it also verifies the metadata.
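The maintainer rule for project metadata, and the check a peer would run on it when pulling, as an added Go example that is not Radicle’s own code: ProjectMeta, NewMaintainer, SignMeta and ApplyUpdate are assumed names, the JSON document shape is a simplification, and ECDSA over P-256 from Go’s standard library stands in for whatever curve and encoding Radicle actually uses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
)

// ProjectMeta stands in for Radicle's project metadata (simplified, assumed shape).
type ProjectMeta struct {
	Name        string   `json:"name"`
	Maintainers [][]byte `json:"maintainers"` // PKIX/DER-encoded ECDSA public keys
}

// NewMaintainer generates a P-256 key pair and returns its DER-encoded public key.
func NewMaintainer() (*ecdsa.PrivateKey, []byte) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, der
}

// digest hashes the canonical JSON form of the metadata; that hash is what gets signed.
func digest(m ProjectMeta) []byte {
	b, _ := json.Marshal(m)
	h := sha256.Sum256(b)
	return h[:]
}

// SignMeta produces the maintainer signature that accompanies an update.
func SignMeta(priv *ecdsa.PrivateKey, m ProjectMeta) []byte {
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest(m))
	return sig
}

// ApplyUpdate accepts next only if sig verifies under a key in the *current* maintainer
// list, so a key that appears only in next cannot authorise its own addition.
func ApplyUpdate(current, next ProjectMeta, sig []byte) (ProjectMeta, error) {
	for _, der := range current.Maintainers {
		k, err := x509.ParsePKIXPublicKey(der) // malformed entries are skipped, not fatal
		if pub, ok := k.(*ecdsa.PublicKey); err == nil && ok && ecdsa.VerifyASN1(pub, digest(next), sig) {
			return next, nil
		}
	}
	return current, errors.New("update not signed by a current maintainer")
}
```

A peer that receives an announced metadata ref would run ApplyUpdate against the version it already holds and keep the old version on failure.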