Hi Brandon, thanks for your thoughtful response. It’s great to hear that you support most of the proposal. There is indeed a lot of momentum building behind the brownfield approach.
I would like to respond to this:
Gives each proposal an opportunity to be evaluated on it’s own merits and discussed by the community rather than “tagging along” with other proposals that have broad support.
Yes, in the brownfield approach we would have separate GIPs for each of the steps. However, for it to make sense, I would argue we would first have to come to a consensus that at least the rough outline of what we’re proposing (permissionless verifiers, slashable delegation, indexing fees in parallel to rewards) are worth pursuing, as I think there is a reason for these things to be bundled together. Permissionless verifiers without slashable delegation, for instance, would be an incomplete solution, as it would make little sense to distribute delegated stake across data services if only self stake is slashable. So I would hope that the community and the Council would agree to move forward, discussing implementation details and other aspects for each of the changes, but understanding that the broad aspects of this proposal work best when they are applied together.
Obviously, if there are specific aspects of the proposal that the community disagrees with, it would be good to discuss them and we can adapt the proposal as needed, but I would hope that if this is something major (e.g. permissionless verifiers vs. having an allowlist) we discuss those things now rather than wait for the specific GIPs. Based on the conversations we’ve had here, in IOH and other community calls, as well as the conversations I’ve had with the Council, I think all concerns raised so far have been answered, and we are at a point where we could say there is rough consensus for a brownfield Horizon.
To be clear, I’ve always thought building on The Graph (i.e., individual subgraphs or substreams modules) should be fully permissionless and censorship resistant. What I’m skeptical of is that building The Graph itself (i.e., unilaterally specifying the verifiability and economic properties of data services) should be fully permissionless at all, much less a top priority.
I’d like to explain my personal view for why I think permissionless is an important goal. I’m glad you agree that building things like subgraphs on The Graph should be fully permissionless and censorship-resistant. I would argue that unless data services themselves are fully permissionless, individual modules within data services will still suffer some level of permission. In the worst case, a compromised governance could theoretically shut the whole thing down. Sure, this is quite low risk in the short term, but if we’re to build the future of The Graph I would rather do it in a way that is robust against a varied set of attack vectors, and that includes compromised governance. For any mechanism that relies on a permissioned set of humans, it is impossible to predict how that set might evolve over time and whether it can be captured or compromised. Even a benign and well-meaning governing body could theoretically be pressured to censor a specific data service in the future.
Does this mean I believe The Graph should be a free-for-all, and data services should have no coherence or community-wide governance? Not at all. I still think the Council and our existing governance institutions play a super important role in the future of The Graph. I’m confident that the community can define standards for data services and requirements for these to allow composition and interoperability, preserving the “logical centralization” of The Graph as much as possible. The Council will still have the ultimate decision about what is done with token issuance, for instance, and that can play a huge role in incentivizing the development of data services that meet these standards.
“Permissionless” is also a core principle in crypto and web3 and I think it is worth pursuing at all levels. It is also important in keeping the protocol credibly neutral. It is worth noting, however, that the proposed change here that enables this permissionlessness is actually quite small: it simply allows service providers to set any verifier as the slasher. This does not mean that any verifier can automatically be considered “part of The Graph”, use The Graph brand, or be included in products built by core developers. It does mean, however, that core developers and external actors alike are free to use the Staking contract and GRT as a platform to innovate and build arbitrary data services. If we do things right, those actors will be incentivized to build things in an interoperable way and can eventually be part of the “canonical” parts of the protocol. But if anyone disagrees with specific requirements, they can still use this platform rather than having to deploy a completely new token and protocol, and their services might still be partially if not fully interoperable in ways that benefit the ecosystem as a whole. It also means that governance is unable to stop or censor these services even if pressured to do so. And for core developers, it provides much more freedom to experiment and find protocol-market-fit without long governance cycles at every step - obviously still going to governance for the things that are within the Council’s purview.
Arbitration secured by some smaller DAO or centralized entity is not much more preferable, in my opinion, to arbitration guaranteed by The Graph Council. We should be investing in true verifiability using refereed games or ZKPs, both of which require on-chain work.
I agree that we should very much strive for automated verifiability, and more decentralized arbitration is just a small step forward. I disagree that this will only give an illusion of progress - it is still a necessary step for a protocol that has many data services with different verifiability approaches, it opens the door for innovation, and it will be very impactful in making arbitration more scalable for some data services where automated verifiability may take several years.
What’s actually needed and has blocked supporting new data services on the network is designing and building the off-chain data services, the negotiation protocol, the service pricing, etc.
I also agree that much of the work needed to support new data services is actually on off-chain components, and this is happening in parallel right now. The permissionless verifiers in Horizon will simply allow these data services to specify their own arbitration or verifiability (the main thing missing from the current protocol for full support of arbitrary services), without introducing an unnecessary allowlist.
Finally, I’d say permissionless is a core part of the Horizon proposal but it’s certainly not its only feature. Modularity, improved economic security, and the many benefits of indexing fees are also very important. And I think we agree, Horizon is just one step, or a few steps, and we still have a lot of work to do after it to bring The Graph to its full potential.
Hope this clarifies my point of view a bit more. I think we’re more or less on similar pages about these things, and happy to keep discussing. In the past few weeks we’ve started writing the code for the first steps in the brownfield approach, and we’ll be working on the first GIP soon as well.