diff --git a/SUMMARY.md b/SUMMARY.md index 4cfcabe..0a903e8 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -1,4 +1,4 @@ # Table of contents * [README](README.md) -* [white-paper 2.0.0](white-paper-2.0.0.md) +* [white-paper](white-paper.md) diff --git a/i18n/be/metadata.yml b/i18n/be/metadata.yml deleted file mode 100644 index ee7eba1..0000000 --- a/i18n/be/metadata.yml +++ /dev/null @@ -1,81 +0,0 @@ -title: Дэцэнтралізаваны пратакол для ўзнагароджання экасістэм з адкрытым зыходным кодам -abstract: > - Стварэнне адкрытага, публічнага і стабільнага рэестра для ўсяго праграмнага забеспячэння з адкрытым зыходным кодам - дазволіць праектам самастойна публікаваць рэлізы, а не спадзявацца на - трэція асобы, якія збіраюць гэтыя нерэгулярныя даныя ў сотні асобных - (і дубляваных) сістэмах. Супрацоўнікі пакетаў будуць публікаваць свае выпускі ў - дэцэнтралізаваны рэестр, які працуе на базе візантыйскага адмоваўстойлівага блокчейна каб - ліквідаваць асобныя крыніцы збояў, забяспечыць нязменныя выпускі і дазволіць - супольнасці для кіравання сваімі рэгіёнамі экасістэмы з адкрытым зыходным кодам, - незалежна ад знешніх парадкаў дня. - - - Tea стымулюе падтрыманне адкрытага зыходнага кода, дазваляючы ўдзельнікам сеткі - рабіць стаўку на пакеты, ад якіх яны залежаць і якія хочуць абараніць. Графік tea пратакола - змяшчае нязменную рэгістрацыю пакета, патрабаванні да залежнасцей, сапраўднасць пакета і аракулы - выкарыстання для інфармавання алгарытму аплаты гарбаты. Сістэматычная інфляцыя распаўсюджваецца - на ўсе пакеты на аснове гэтага алгарытму. Пры выяўленні праблем з бяспекай або распрацоўкай, распрацоўшчыкі - могуць прад'явіць прэтэнзіі, падмацаваныя доказамі супраць пакета, і можа адбыцца скарачэнне. - Члены супольнасці з адкрытым зыходным кодам могуць праглядаць пакеты на наяўнасць праблем з якасцю, - і пратакол можа рэагаваць на гэтыя праверкі шляхам прыняцця прапарцыйных рэжучых падзей. -author: -- Max Howell -- Timothy Lewis -- Thomas Borrel -references: -- id: sources - url: https://github.com/teaxyz/white-paper -- id: cc - url: https://creativecommons.org/licenses/by-sa/4.0/ -- id: nist - url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -- id: reuters - url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA -- id: twitter - url: https://twitter.com/yazicivo/status/1469349956880408583 -- id: w3 - url: https://www.w3.org/TR/did-core/ -- id: theregister - url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ -- id: fossa - url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/ -- id: lunasec - url: https://www.lunasec.io/docs/blog/node-ipc-protestware/ -- id: github - url: https://github.com/dominictarr/event-stream/issues/116 -- id: zdnet - url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/ -- id: threatpost - url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/ -- id: fbi - url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618 -- id: europol - url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication -- id: medium - url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 -- id: semver - url: https://semver.org/ -- id: npmjsCrossenv - url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html -- id: npmjsLodash - url: https://www.npmjs.com/package/lodash -- id: npmjsChalk - url: https://www.npmjs.com/package/chalk -- id: npmjsLogFourjs - url: https://www.npmjs.com/package/log4js/ -- id: arxiv - url: https://arxiv.org/abs/1207.2617/ -- id: web3 - url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html -header-includes: -- \usepackage{fancyhdr,ragged2e} -- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}} -- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}} -- \setlength{\headheight}{5\baselineskip} -- \pagestyle{fancy} -- \fancyfoot[LE,RO]{© 2022 tea.inc.} -- \fancyfoot[L]{v1.0.3+be} # expand these variables! -lang: be # https://pandoc.org/MANUAL.html#language-variables -dir: ltr # language direction; ltr:left-to-right or rtl:right-to-left -translator: - - Yauheni Mastsepanau \ No newline at end of file diff --git a/i18n/bg/metadata.yml b/i18n/bg/metadata.yml deleted file mode 100644 index f718713..0000000 --- a/i18n/bg/metadata.yml +++ /dev/null @@ -1,82 +0,0 @@ -title: Децентрализиран протокол за възнаграждение на екосистемата с отворен код -abstract: |- - Създаването на отворен, публичен и стабилен регистър за целия софтуер с отворен код - ще даде възможност на проектите да публикуват версии независимо, вместо да разчитат на - трети страни, които събират тези непостоянни данни в стотици отделни - системи (дублиращи се). Участниците поддържащите пакети ще публикуват своите версии на - децентрализираният регистър, изграден на базата на византийски устойчив на грешки блокчейн за - елиминиране на единични източници на проблеми, осигуряване на неизменни версии и позволяване - на общностите да управляват своите раздели от екосистемата с отворен код, - независимо от външни програми. - - tea стимулира поддържането на отворен код, като позволява на участниците в мрежата - възможност за стейкинг срещу пакетите, от които зависят и за които осигуряват - защита. Графиката на tea протокола предоставя постоянна регистрация на пакетите, - изисквания към зависимости, автентичност на пакетите и оракули за използване за информиране - алгоритъмът за възнаграждение за tea. Системната инфлация е разпределена за всички - пакети, базирани на този алгоритъм. Ако се откриват проблеми със сигурността или развитието, - разработчиците могат да правят твърдения, подкрепени с доказателства срещу пакета, - и възможно е да се стигне до слашинг. Членовете на общността с отворен код могат да преглеждат - пакетите за откриване проблеми с качеството и протоколът може да реагира на тези проверки - чрез въвеждане на съответни слашинг събития. -author: -- Max Howell -- Timothy Lewis -- Thomas Borrel -references: -- id: sources - url: https://github.com/teaxyz/white-paper -- id: cc - url: https://creativecommons.org/licenses/by-sa/4.0/ -- id: nist - url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -- id: reuters - url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA -- id: twitter - url: https://twitter.com/yazicivo/status/1469349956880408583 -- id: w3 - url: https://www.w3.org/TR/did-core/ -- id: theregister - url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ -- id: fossa - url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/ -- id: lunasec - url: https://www.lunasec.io/docs/blog/node-ipc-protestware/ -- id: github - url: https://github.com/dominictarr/event-stream/issues/116 -- id: zdnet - url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/ -- id: threatpost - url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/ -- id: fbi - url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618 -- id: europol - url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication -- id: medium - url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 -- id: semver - url: https://semver.org/ -- id: npmjsCrossenv - url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html -- id: npmjsLodash - url: https://www.npmjs.com/package/lodash -- id: npmjsChalk - url: https://www.npmjs.com/package/chalk -- id: npmjsLogFourjs - url: https://www.npmjs.com/package/log4js/ -- id: arxiv - url: https://arxiv.org/abs/1207.2617/ -- id: web3 - url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html -header-includes: -- \usepackage{fancyhdr,ragged2e} -- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}} -- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}} -- \setlength{\headheight}{5\baselineskip} -- \pagestyle{fancy} -- \fancyfoot[LE,RO]{© 2022 tea.inc.} -- \fancyfoot[L]{v1.0.3+bg} # expand these variables! -lang: bg # https://pandoc.org/MANUAL.html#language-variables -dir: ltr # language direction; ltr:left-to-right or rtl:right-to-left -translator: -- Svetlana Fyodorovna Dulapchi \ No newline at end of file diff --git a/i18n/de/metadata.yml b/i18n/de/metadata.yml deleted file mode 100644 index 389eaf1..0000000 --- a/i18n/de/metadata.yml +++ /dev/null @@ -1,81 +0,0 @@ -title: Ein dezentrales Protokoll zur Vergütung des Open-Source-Ökosystems -abstract: > - Die Schaffung eines offenen, öffentlichen und stabilen Registers für alle Open-Source-Software - würde Projekte in die Lage versetzen, Releases unabhängig zu veröffentlichen, - anstatt sich auf Dritte zu verlassen, die diese unregelmäßigen Daten in Hunderten von separaten (und duplizierten) - Systemen zusammenstellen. Paket-Verwalter werden ihre Veröffentlichungen in einer dezentralen Registrierung veröffentlichen, - die von einer byzantinischen fehlertoleranten Blockchain angetrieben wird, um einzelne Fehlerquellen zu eliminieren, - unveränderliche Veröffentlichungen bereitzustellen und es Gemeinschaften zu ermöglichen, ihre Regionen des - Open-Source-Ökosystems unabhängig von externen Agenden zu verwalten. - - - Tea fördert die Wartung von Open Source, indem es Netzwerkteilnehmern ermöglicht, - Werte für die Pakete einzusetzen, auf die sie angewiesen sind und die sie sichern möchten. - Das Diagramm des Tea-Protokolls bietet unveränderliche Paketregistrierung, Abhängigkeitsanforderungen, - Paketauthentizität und Verwendungsorakel, um den Tea-Vergütungsalgorithmus zu informieren. - Die systematische Inflation wird basierend auf diesem Algorithmus auf alle Pakete verteilt. - Wenn Sicherheits- oder Entwicklungsprobleme gefunden werden, können Entwickler Ansprüche gegen das Paket geltend machen, - die durch Beweise gestützt werden, und es kann zu Schrägstrichen kommen. Mitglieder der Open-Source-Community - können Pakete auf Qualitätsprobleme überprüfen, und das Protokoll kann auf diese Überprüfungen reagieren, - indem es proportionale Slashing-Ereignisse erlässt. -author: -- Max Howell -- Timothy Lewis -- Thomas Borrel -references: -- id: sources - url: https://github.com/teaxyz/white-paper -- id: cc - url: https://creativecommons.org/licenses/by-sa/4.0/ -- id: nist - url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -- id: reuters - url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA -- id: twitter - url: https://twitter.com/yazicivo/status/1469349956880408583 -- id: w3 - url: https://www.w3.org/TR/did-core/ -- id: theregister - url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ -- id: fossa - url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/ -- id: lunasec - url: https://www.lunasec.io/docs/blog/node-ipc-protestware/ -- id: github - url: https://github.com/dominictarr/event-stream/issues/116 -- id: zdnet - url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/ -- id: threatpost - url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/ -- id: fbi - url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618 -- id: europol - url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication -- id: medium - url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 -- id: semver - url: https://semver.org/ -- id: npmjsCrossenv - url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html -- id: npmjsLodash - url: https://www.npmjs.com/package/lodash -- id: npmjsChalk - url: https://www.npmjs.com/package/chalk -- id: npmjsLogFourjs - url: https://www.npmjs.com/package/log4js/ -- id: arxiv - url: https://arxiv.org/abs/1207.2617/ -- id: web3 - url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html -header-includes: -- \usepackage{fancyhdr,ragged2e} -- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}} -- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}} -- \setlength{\headheight}{5\baselineskip} -- \pagestyle{fancy} -- \fancyfoot[LE,RO]{© 2022 tea.inc.} -- \fancyfoot[L]{v1.0.3+de} -lang: de # https://pandoc.org/MANUAL.html#language-variables -dir: ltr # language direction; ltr:left-to-right or rtl:right-to-left -translator: - - Marcos Carbonell \ No newline at end of file diff --git a/i18n/id/metadata.yml b/i18n/id/metadata.yml deleted file mode 100644 index 2d747fc..0000000 --- a/i18n/id/metadata.yml +++ /dev/null @@ -1,83 +0,0 @@ -title: Protokol Terdesentralisasi untuk Remunerasi Open Source Ecosystem -abstract: > - Membuat registri terbuka, publik, dan stabil untuk semua perangkat lunak sumber terbuka - akan memberdayakan proyek untuk menerbitkan rilis secara independen daripada mengandalkan - pihak ketiga yang mengumpulkan data tidak teratur ini menjadi ratusan terpisah - (dan duplikat) sistem. Pengelola paket akan memublikasikan rilis mereka ke - registri terdesentralisasi yang didukung oleh blockchain toleran kesalahan Bizantium untuk - hilangkan sumber kegagalan tunggal, berikan rilis yang tidak dapat diubah, dan izinkan - komunitas untuk mengatur wilayah mereka dari ekosistem sumber terbuka, - terlepas dari agenda eksternal. - - - teh mendorong pemeliharaan sumber terbuka dengan mengizinkan jaringan - peserta untuk mempertaruhkan nilai terhadap paket yang mereka andalkan dan inginkan - aman. Grafik protokol teh menyediakan pendaftaran paket yang tidak dapat diubah, - persyaratan ketergantungan, keaslian paket, dan oracle penggunaan untuk menginformasikan - algoritma remunerasi teh. Inflasi sistematis didistribusikan ke semua - paket berdasarkan algoritma itu. Jika masalah keamanan atau pengembangan adalah - ditemukan, pengembang dapat membuat klaim yang didukung oleh bukti terhadap paket, - dan pemotongan dapat terjadi. Anggota komunitas sumber terbuka dapat meninjau - paket untuk masalah kualitas, dan protokol dapat menanggapi ulasan ini - dengan memberlakukan acara tebasan proporsional. -author: -- Max Howell -- Timothy Lewis -- Thomas Borrel -references: -- id: sources - url: https://github.com/teaxyz/white-paper -- id: cc - url: https://creativecommons.org/licenses/by-sa/4.0/ -- id: nist - url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -- id: reuters - url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA -- id: twitter - url: https://twitter.com/yazicivo/status/1469349956880408583 -- id: w3 - url: https://www.w3.org/TR/did-core/ -- id: theregister - url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ -- id: fossa - url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/ -- id: lunasec - url: https://www.lunasec.io/docs/blog/node-ipc-protestware/ -- id: github - url: https://github.com/dominictarr/event-stream/issues/116 -- id: zdnet - url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/ -- id: threatpost - url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/ -- id: fbi - url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618 -- id: europol - url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication -- id: medium - url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 -- id: semver - url: https://semver.org/ -- id: npmjsCrossenv - url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html -- id: npmjsLodash - url: https://www.npmjs.com/package/lodash -- id: npmjsChalk - url: https://www.npmjs.com/package/chalk -- id: npmjsLogFourjs - url: https://www.npmjs.com/package/log4js/ -- id: arxiv - url: https://arxiv.org/abs/1207.2617/ -- id: web3 - url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html -header-includes: -- \usepackage{fancyhdr,ragged2e} -- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}} -- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}} -- \setlength{\headheight}{5\baselineskip} -- \pagestyle{fancy} -- \fancyfoot[LE,RO]{© 2022 tea.inc.} -- \fancyfoot[L]{v1.0.3+id} # expand these variables! -lang: id # https://pandoc.org/MANUAL.html#language-variables -dir: ltr # language direction; ltr:left-to-right or rtl:right-to-left -translator: - - civiel diff --git a/i18n/ru/metadata.yml b/i18n/ru/metadata.yml deleted file mode 100644 index 461bc6c..0000000 --- a/i18n/ru/metadata.yml +++ /dev/null @@ -1,82 +0,0 @@ -title: Децентрализованный протокол для вознаграждения экосистемы с открытым исходным кодом -abstract: |- - Создание открытого, общедоступного и стабильного реестра для всего программного обеспечения с открытым исходным кодом - позволит проектам публиковать релизы независимо, а не полагаться на - третьи стороны, которые собирают эти нерегулярные данные в сотни отдельных - (и дублированные) системы. Сопровождающие пакеты будут публиковать свои релизы на - децентрализованный реестр на основе византийского отказоустойчивого блокчейна для - устранить единые источники сбоя, обеспечить неизменяемые выпуски и разрешить - сообщества для управления своими регионами экосистемы с открытым исходным кодом, - независимо от внешних программ. - - tea стимулирует поддержку открытого исходного кода, позволяя сети - участники могут делать ставки против пакетов, от которых они зависят и хотят - безопасный. График tea протокола обеспечивает неизменную регистрацию пакетов, - требования к зависимостям, подлинность пакета и использование оракулов для информирования - алгоритм tea вознаграждения. Систематическая инфляция распространяется на всех - пакеты на основе этого алгоритма. Если проблемы с безопасностью или разработкой - обнаружены, разработчики могут предъявлять требования к пакету, подкрепленные доказательствами, - и может произойти порез. Члены сообщества открытого исходного кода могут просматривать - пакеты для проблем с качеством, и протокол может отвечать на эти отзывы - путем принятия пропорциональных рубящих событий. -author: -- Макс Хауэлл -- Тимоти Льюис -- Томас Боррел -references: -- id: sources - url: https://github.com/teaxyz/white-paper -- id: cc - url: https://creativecommons.org/licenses/by-sa/4.0/ -- id: nist - url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -- id: reuters - url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA -- id: twitter - url: https://twitter.com/yazicivo/status/1469349956880408583 -- id: w3 - url: https://www.w3.org/TR/did-core/ -- id: theregister - url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ -- id: fossa - url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/ -- id: lunasec - url: https://www.lunasec.io/docs/blog/node-ipc-protestware/ -- id: github - url: https://github.com/dominictarr/event-stream/issues/116 -- id: zdnet - url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/ -- id: threatpost - url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/ -- id: fbi - url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618 -- id: europol - url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication -- id: medium - url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 -- id: semver - url: https://semver.org/ -- id: npmjsCrossenv - url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html -- id: npmjsLodash - url: https://www.npmjs.com/package/lodash -- id: npmjsChalk - url: https://www.npmjs.com/package/chalk -- id: npmjsLogFourjs - url: https://www.npmjs.com/package/log4js/ -- id: arxiv - url: https://arxiv.org/abs/1207.2617/ -- id: web3 - url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html -header-includes: -- \usepackage{fancyhdr,ragged2e} -- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}} -- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}} -- \setlength{\headheight}{5\baselineskip} -- \pagestyle{fancy} -- \fancyfoot[LE,RO]{© 2022 tea.inc.} -- \fancyfoot[L]{v1.0.3+ru} -lang: ru -dir: ltr -translator: -- Рябченко Андрій diff --git a/i18n/uk/metadata.yml b/i18n/uk/metadata.yml deleted file mode 100644 index e31de10..0000000 --- a/i18n/uk/metadata.yml +++ /dev/null @@ -1,82 +0,0 @@ -title: Децентралізований протокол для винагороди екосистеми з відкритим вихідним кодом -abstract: |- - Створення відкритого, публічного та стабільного реєстру для всього програмного забезпечення з відкритим кодом - дасть можливість проектам публікувати випуски незалежно, а не покладатися на них - треті сторони, які збирають ці нерегулярні дані в сотні окремих - (і дубльовані) системи. Супроводжувачі пакетів публікуватимуть свої випуски на - децентралізований реєстр на базі візантійського відмовостійкого блокчейну - усунути окремі джерела збоїв, забезпечити незмінні випуски та дозволити - спільноти для управління своїми регіонами екосистеми з відкритим кодом, - незалежно від зовнішнього порядку денного. - - чай стимулює підтримку відкритого коду, дозволяючи мережі - учасники можуть зробити ставку на пакети, від яких вони залежать і яких хочуть - безпечний. Граф чайного протоколу забезпечує незмінну реєстрацію пакетів, - вимоги до залежностей, автентичність пакетів і оракули використання для інформування - алгоритм винагороди за чай. Систематична інфляція поширюється на всіх - пакети на основі цього алгоритму. Якщо є проблеми з безпекою чи розвитком - знайдено, розробники можуть висувати заяви, підтверджені доказами проти пакета, - і може статися розріз. Члени спільноти з відкритим кодом можуть переглядати - пакети для проблем з якістю, і протокол може відповідати на ці огляди - шляхом введення пропорційних скорочень. -author: -- Макс Хауелл -- Тімоті Льюїс -- Томас Боррель -references: -- id: sources - url: https://github.com/teaxyz/white-paper -- id: cc - url: https://creativecommons.org/licenses/by-sa/4.0/ -- id: nist - url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -- id: reuters - url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA -- id: twitter - url: https://twitter.com/yazicivo/status/1469349956880408583 -- id: w3 - url: https://www.w3.org/TR/did-core/ -- id: theregister - url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ -- id: fossa - url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/ -- id: lunasec - url: https://www.lunasec.io/docs/blog/node-ipc-protestware/ -- id: github - url: https://github.com/dominictarr/event-stream/issues/116 -- id: zdnet - url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/ -- id: threatpost - url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/ -- id: fbi - url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618 -- id: europol - url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication -- id: medium - url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 -- id: semver - url: https://semver.org/ -- id: npmjsCrossenv - url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html -- id: npmjsLodash - url: https://www.npmjs.com/package/lodash -- id: npmjsChalk - url: https://www.npmjs.com/package/chalk -- id: npmjsLogFourjs - url: https://www.npmjs.com/package/log4js/ -- id: arxiv - url: https://arxiv.org/abs/1207.2617/ -- id: web3 - url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html -header-includes: -- \usepackage{fancyhdr,ragged2e} -- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}} -- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}} -- \setlength{\headheight}{5\baselineskip} -- \pagestyle{fancy} -- \fancyfoot[LE,RO]{© 2022 tea.inc.} -- \fancyfoot[L]{v1.0.3+uk} -lang: uk -dir: ltr -translator: -- Рябченко Андрій diff --git a/i18n/zh/metadata.yml b/i18n/zh/metadata.yml deleted file mode 100644 index c0a3217..0000000 --- a/i18n/zh/metadata.yml +++ /dev/null @@ -1,75 +0,0 @@ -title: 用于奖励开源生态系统的去中心化协议 -abstract: |- - 为所有开源软件创建一个开放、公共和稳定的注册表将使项目能够独立发布版本,而不是 - 依赖于将这些不规则数据组装到数百个独立(和重复)系统中的第三方。Package维护者将 - 他们的作品发布到由拜占庭容错区块链驱动的去中心化注册表,以消除单一故障源,提供 - 稳定的发布,并允许社区来管理其开源生态系统的区域,而不受外部议程的影响。 - - Tea 通过允许网络参与者将他们依赖并希望保护的软件 Package进行质押来作为激励开源 - 的维护。 Tea 协议的图表提供了不可变的 Package注册、依赖要求、 Package真实性和 - 使用预言机,以告知Tea 报酬算法。系统膨胀基于该算法分配给所有 Package。如果发现 - 安全或开发问题,开发人员可以提出有证据支持的索赔,并可能进行惩罚。开源社区的成员 - 可以审查 Package的质量问题,协议可以通过制定比例削减事件来回应这些审查。 -author: -- Max Howell -- Timothy Lewis -- Thomas Borrel -references: -- id: sources - url: https://github.com/teaxyz/white-paper -- id: cc - url: https://creativecommons.org/licenses/by-sa/4.0/ -- id: nist - url: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 -- id: reuters - url: https://www.reuters.com/article/usa-cyber-vulnerability-idCNL1N2SY2PA -- id: twitter - url: https://twitter.com/yazicivo/status/1469349956880408583 -- id: w3 - url: https://www.w3.org/TR/did-core/ -- id: theregister - url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ -- id: fossa - url: https://fossa.com/blog/npm-packages-colors-faker-corrupted/ -- id: lunasec - url: https://www.lunasec.io/docs/blog/node-ipc-protestware/ -- id: github - url: https://github.com/dominictarr/event-stream/issues/116 -- id: zdnet - url: https://www.zdnet.com/article/open-source-software-how-many-bugs-are-hidden-there-on-purpose/ -- id: threatpost - url: https://threatpost.com/backdoor-found-in-utility-for-linux/147581/ -- id: fbi - url: https://www.fbi.gov/news/stories/phantom-secure-takedown-031618 -- id: europol - url: https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication -- id: medium - url: https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 -- id: semver - url: https://semver.org/ -- id: npmjsCrossenv - url: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry.html -- id: npmjsLodash - url: https://www.npmjs.com/package/lodash -- id: npmjsChalk - url: https://www.npmjs.com/package/chalk -- id: npmjsLogFourjs - url: https://www.npmjs.com/package/log4js/ -- id: arxiv - url: https://arxiv.org/abs/1207.2617/ -- id: web3 - url: https://research.web3.foundation/en/latest/polkadot/overview/2-token-economics.html -lang: zh -dir: ltr -header-includes: -- \usepackage{fancyhdr,ragged2e} -- \usepackage{xeCJK} -- \setCJKmainfont{Noto Serif CJK SC} -- \lhead{\parbox[t]{0.5\textwidth}{\RaggedRight\rightmark\strut}} -- \rhead{\parbox[t]{0.5\textwidth}{\RaggedLeft\leftmark\strut}} -- \setlength{\headheight}{5\baselineskip} -- \pagestyle{fancy} -- \fancyfoot[LE,RO]{© 2022 tea.inc.} -- \fancyfoot[L]{v1.0.3+zh} -translator: -- LoveCity0088 diff --git a/white-paper-2.0.0.md b/white-paper.md similarity index 96% rename from white-paper-2.0.0.md rename to white-paper.md index 50a181b..bfd1226 100644 --- a/white-paper-2.0.0.md +++ b/white-paper.md @@ -1,4 +1,8 @@ -# white-paper 2.0.0 +--- +description: Vestion 2.0.0 +--- + +# white-paper ## A Decentralized Protocol for Open-Source Developers to Capture the Value They Create @@ -41,7 +45,7 @@ At tea, we’ve seen too many open-source projects suffering from these failed a In this paper, we propose tea — a decentralized system for -1. computing and assigning a “[Proof of Contribution](white-paper-2.0.0.md#proof-of-contribution)” to every open-source project relative to the entire ecosystem, +1. computing and assigning a “[Proof of Contribution](white-paper.md#proof-of-contribution)” to every open-source project relative to the entire ecosystem, 2. ensuring open-source software projects are well maintained, 3. empowering open-source developers with equitable rewards proportionate to their ecosystem-wide contributions, achieved through the implementation of the tea incentive algorithm across every entry in the tea registry, and 4. incentivizing network participants to follow responsible disclosure practices for vulnerabilities and bugs. @@ -78,7 +82,7 @@ A global decentralized registry augmented by a reputation system and supported b Open-source projects deliver a broad range of functionality, some of which may be restricted or unwanted. Encryption is an excellent example of that. A critical use case for encryption is the support of individuals’ privacy across the globe. Encryption, however, can also be used for nefarious purposes (see [Phantom Secure](https://www.fbi.gov/news/stories/phantom-secure-takedown-031618), dismantled by law enforcement agencies in March 2018) or may be compromised to support law enforcement activities (See [Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI)](https://www.europol.europa.eu/media-press/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication) where the FBI operated an “encrypted” communication platform, AN0M, and convinced criminals to use their “encrypted” phones for secure communication). -Encryption’s broad applications have made it a perfect use case for open-source software and a great example that any solution that stores packages must be tamper-proof and censorship-resistant. tea is a decentralized protocol that does not intend to filter or sanction packages based on their functionality. While the tea governance may elect to remove proven malicious packages (see the [governance section](white-paper-2.0.0.md#governance) for more information), it is critical for the tea system to connect with multiple storage systems, including decentralized ones that demonstrate that a package is unaltered and correctly replicated. Package maintainers may choose the storage system best suited for their need to store and distribute their packages securely. +Encryption’s broad applications have made it a perfect use case for open-source software and a great example that any solution that stores packages must be tamper-proof and censorship-resistant. tea is a decentralized protocol that does not intend to filter or sanction packages based on their functionality. While the tea governance may elect to remove proven malicious packages (see the [governance section](white-paper.md#governance) for more information), it is critical for the tea system to connect with multiple storage systems, including decentralized ones that demonstrate that a package is unaltered and correctly replicated. Package maintainers may choose the storage system best suited for their need to store and distribute their packages securely. ## Protocol Overview @@ -124,7 +128,7 @@ Similarly, a developer may decide to take on the role of package maintainer by f It is essential to provide developer communities with the right tools to determine which projects are being maintained and their past and present maintainers’ reputation and quality of work. We’ve too often seen open-source work being tampered with and the efforts of many ruined by bad actors. Although the work of these bad actors is largely discovered and remediated, it is often not until significant damage has been incurred through financial or data loss. Take for example the [event-stream npm package](https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502) that was downloaded over 1.5 million times per week and relied upon by over 1,500 packages when a hacker managed to penetrate the open-source project, gain the trust of its original author, and modify event-stream to depend on a malicious package that would exfiltrate bitcoin wallet credentials to a third-party server. Although tools may help detect some of these attacks, they cannot always be relied upon, which creates an entire community dependent upon each other’s diligence and willingness to share their findings. -We propose introducing incentives via the TEA token described in the "[TEA token](white-paper-2.0.0.md#tea-token)" section, to encourage open-source communities to report their findings constructively, so package maintainers can address them before they are exploited. +We propose introducing incentives via the TEA token described in the "[TEA token](white-paper.md#tea-token)" section, to encourage open-source communities to report their findings constructively, so package maintainers can address them before they are exploited. #### Package Users and tea community members @@ -154,7 +158,7 @@ As new projects or new versions of existing projects are released, the validity tea tasters, typically, are experienced software developers willing to dedicate some of their time to check the claims associated with a package (functionality, security, [semantic versioning](https://semver.org/), license accuracy, etc.) and stake both their reputation and TEA tokens to demonstrate the outcome of their research and support their reviews. In the tea Protocol, “staking your tea” is the process of locking TEA tokens to support your reviews, potentially earning rewards or facing penalties based on the consensus about the quality of your reviews. tea tasters also have the option to report bugs or vulnerabilities to package managers confidentially. Valid reports result in rewards from the project's treasury, while invalid reports lead to the forfeiture of the tea taster's stake. Lastly, if package maintainers ignore these reported issues, it triggers penalties, or “slashing”, for the project's treasury. -Like project supporters, tea tasters can influence a project and package maintainer’s reputation; however, their impact is more significant given their role in validating a project’s security, functionality, and quality. tea tasters will also need to build their reputation to support their claims. The quality of their work and the TEA tokens they put at risk as they stake their reviews combined with other external data sources will build each tea taster’s reputation, bringing more value to their work. See the "[Package & Package Maintainer Reputation](white-paper-2.0.0.md#package-and-package-maintainer-reputation)" section for more details on the mechanisms used to influence a project and package maintainer’s reputation. +Like project supporters, tea tasters can influence a project and package maintainer’s reputation; however, their impact is more significant given their role in validating a project’s security, functionality, and quality. tea tasters will also need to build their reputation to support their claims. The quality of their work and the TEA tokens they put at risk as they stake their reviews combined with other external data sources will build each tea taster’s reputation, bringing more value to their work. See the "[Package & Package Maintainer Reputation](white-paper.md#package-and-package-maintainer-reputation)" section for more details on the mechanisms used to influence a project and package maintainer’s reputation. ### Project Registration and Proof of Contribution Rewards @@ -227,7 +231,7 @@ As discussed, the tea Protocol unlocks the open-source economy and creates value We expect tea’s Proof of Contribution and staking mechanisms to foster the growth of open-source by empowering its participants with the resources they need to pursue their passion unencumbered. -As outlined in "[Project Registration and Proof of Contribution Rewards](white-paper-2.0.0.md#project-registration-and-proof-of-contribution-rewards)", projects registered with the tea Protocol and with a teaRank that surpasses a governance-defined threshold will receive Proof of Contribution rewards in the form of TEA tokens from the tea Protocol. This distribution will persist as long as the package complies with the rules of the protocol. Specifically, the package will have to maintain a teaRank above the governance defined threshold and package maintainers will have to contribute to their project’s reputation and trustworthiness by continuously staking a portion of the Proof of Contribution rewards received by the project’s treasury. Failure to comply with these rules will result in the suspension of the distribution of Proof of Contribution rewards and the redistribution of future rewards among compliant projects. +As outlined in "[Project Registration and Proof of Contribution Rewards](white-paper.md#project-registration-and-proof-of-contribution-rewards)", projects registered with the tea Protocol and with a teaRank that surpasses a governance-defined threshold will receive Proof of Contribution rewards in the form of TEA tokens from the tea Protocol. This distribution will persist as long as the package complies with the rules of the protocol. Specifically, the package will have to maintain a teaRank above the governance defined threshold and package maintainers will have to contribute to their project’s reputation and trustworthiness by continuously staking a portion of the Proof of Contribution rewards received by the project’s treasury. Failure to comply with these rules will result in the suspension of the distribution of Proof of Contribution rewards and the redistribution of future rewards among compliant projects. Dependencies can significantly affect the reliability and security of a package, and the absence of registration for a package's dependencies should be seen as a potential risk. Package maintainers, being both validators and users of these dependencies, are in a prime position to connect with the maintainers of those dependencies. They can encourage them to register their projects with tea, thus making them subject to oversight by tea tasters and eligible for associated rewards. To encourage this community-wide engagement aimed at enhancing the reputation system, we recommend that any package with dependencies that are not registered with the tea Protocol see a fraction of its Proof of Contribution rewards burnt. This burn would be proportional to the number and contribution, quantified in teaRank, of each unregistered dependency, and continue as long as these dependencies remain unregistered. @@ -251,7 +255,7 @@ The recommended linear design should allow lesser staked packages to become more Just as good actors need to be rewarded; bad actors need to be identified and penalized. Open-source software provides many opportunities for bad actors to create pain points and reputational risks for an entire community of developers. From the misappropriation of work to the alteration and redistribution of software packages, or the injection of nefarious code, the war between good and bad actors goes on, often with well-funded bad actors who see the contamination of open-source packages as an opportunity to benefit financially. The downside has been relatively minimal, with packages potentially banned from digital shelves or subjected to a poor reputation. -To directly address malicious actors and intensify the repercussions for actions contrary to the open-source, we recommend implementing the slashing mechanism detailed in the “[Package Review by Third Parties](white-paper-2.0.0.md#package-review-by-third-parties)” and “[Outdated or Corrupt Packages](white-paper-2.0.0.md#outdated-or-corrupt-packages)” sections. +To directly address malicious actors and intensify the repercussions for actions contrary to the open-source, we recommend implementing the slashing mechanism detailed in the “[Package Review by Third Parties](white-paper.md#package-review-by-third-parties)” and “[Outdated or Corrupt Packages](white-paper.md#outdated-or-corrupt-packages)” sections. As tea tasters evaluate and analyze the code in newly submitted packages, we suggest tea tasters receive the tools and incentives to pinpoint and highlight nefarious code so