mev-boost icon indicating copy to clipboard operation
mev-boost copied to clipboard
verified publisher icon flashbots

Open-source relay - which license to use?

Open metachris opened this issue 3 years ago • 8 comments

We will open source our mev-boost relay!

(ETA early September)

For context, this is our Ropsten relay: https://builder-relay-ropsten.flashbots.net (see also the Relay API Documentation)

What's your opinions on the license we should use, and why?

See also https://choosealicense.com/licenses

Note: We were strongly considering AGPL, which would oblige anyone making changes to publish them as well, in order to foster a thriving development ecosystem around the mev-boost relays.

metachris avatar Aug 04 '22 14:08 metachris

Can you give us a bit more context on what exactly would be open sourced? For example does it include a lot of "operational" specifics like interacting w/ nodes for propagating revealed blocks? Or is it purely the "routing" portions of the relayer? IMO the more operational specific parts should be under a more "permissive" license since those are the parts that are more likely to new to be specialized for a particular deployment of the relay, but I'd be open to hearing others opinions on even those parts being AGPL (to perhaps foster collaboration across teams).

ryanschneider avatar Aug 04 '22 15:08 ryanschneider

The relay includes a bunch of responsibilities, and services designed to be run in a highly concurrent manner. Here's a quick list of the main parts:

Builder APIs

  • provides upcoming validator duties with proposer preferences
  • receives and simulates/verifies builder block submissions
  • handles block submission spam
  • stores valid block submissions in a redundant way

Proposer APIs

  • handles validator registrations
  • delivers bids and payloads to the proposer

Data API

  • https://flashbots.notion.site/Relay-API-Spec-5fb0819366954962bc02e81cb33840f5#38a21c8a40e64970904500eb7b373ea5
  • Delivered payloads, like https://builder-relay-ropsten.flashbots.net/relay/v1/data/bidtraces/proposer_payload_delivered?limit=2
  • Further data APIs are still in flux

Website

  • Like https://builder-relay-ropsten.flashbots.net

Housekeeping services

  • Prepare validator registrations and duties for the APIs
  • Data cleanup
  • ...

metachris avatar Aug 04 '22 15:08 metachris

Pick the UPL license https://github.com/sambacha/use-UPL-not-MIT

or pick the mozilla MPL2 license

If you are worried about networking use the SSPL1.0 License instead of AGPL

agpl3 doesnt even cover its stated purpose for covering networked services

sambacha avatar Aug 04 '22 16:08 sambacha

Regarding SSPL see also https://opensource.org/node/1099 (OSI: "The SSPL is not an Open Source License")

metachris avatar Aug 05 '22 10:08 metachris

Regarding SSPL see also opensource.org/node/1099 (OSI: "The SSPL is not an Open Source License")

Neither is AGPL. AGPL is Free Software, not open source.

If you want Open Source, pick UPL.

diff of AGPL and SSPL: https://gist.github.com/metachris/e27dce77715564dfeaeac6be7d9dd625

sambacha avatar Aug 05 '22 10:08 sambacha

https://opensource.org/licenses/AGPL-3.0

metachris avatar Aug 05 '22 10:08 metachris

Firstly, I'm so happy that flashbots has decided to open-source the relay! I've been wanting to look at it for a while now. Personally, I am less likely to contribute to projects with copyleft licenses (GPL, AGPL, LGPL, etc). Some projects/organizations ask developers to not even look at GPL code to 100% ensure they do not contaminate their copyright projects. This is because copyleft licenses are very restrictive. All this to say, I recommend the Apache 2.0 license.

jtraglia avatar Aug 05 '22 19:08 jtraglia

Note that this license will apply only to the relay code as @metachris specified.

mev-boost, common utils, and other free software projects from flashbots will remain with their current license, usually MIT.

The relay is a temporary trusted component that enables us to mitigate mev while we explore permissionless PBS. We are looking for a collaborative relation between potential relay operators to get us to full permissionless in-protocol PBS, which is a fun, challenging and long road.

I think we can easily achieve that collaboration by always keeping in mind the PBS goal and ethereum stability and security. The particular licensing details are less relevant. What is important here is that the code will be free. And that collected data will be transparent to verify and analyze behavior, that's important too.

It's interesting to hear your strong opinions. We will receive all of them and take them into account, and make a decision after the security audit.

come-maiz avatar Aug 05 '22 19:08 come-maiz

We have decided to release it using AGPL. See https://github.com/flashbots/mev-boost-relay/pull/72

come-maiz avatar Aug 17 '22 14:08 come-maiz