Meeting summary: Monero Community Workgroup, 11 November 2023

Posted Sun, 12 Nov 2023, from Monero Observer

Price Analysis

Source Article Link: https://monero.observer/meeting-log-summary-monero-community-workgroup-meeting-11-november-2023/

This is a comprehensive summary, with added reference links, of the Monero Community Workgroup meeting1 from November 11th 2023, 1500 UTC.

Logs

The raw, unedited, full log file for this meeting:

231111-community.log (361 lines)

Summary

Note: it is possible that some relevant information may be missing from this summary; read the full log file for the complete, unedited discussion.

  • Participants: 17 (plowsof2, binaryFate3, s​needlewoods_xmr4, o​frnxmr5, r​brunner76, c​trej7, s​packle_xmr8, r​ucknium9, b​tclovera10, h​into.janaiyo11, nioc12, t​uxsudo13, v1docq4714, selsta15, luigi111116, l​ordx3nu17, midipoet18)

  • Focus: The future of the CCS after the recent incident19

    • plowsof recommended skipping the CCS ideas list20: The agenda/goal of this meeting should be to help clarify where Core and the community are at in terms of short / long term solutions for a path forward, whilsts disrupting Moneros development as little as possible

    • o​frnxmr was keen to get [the] ball rolling in the short term and focus on setting up the infrastructure for funds moving forward in the long term (2-4 weeks)

    • plowsof noted that the Monerokon events team went their own way for funding21 and are planning to return to the CCS in spring~ depending on how things are resolved

    • Rucknium reminded everyone that the MAGIC Monero Fund22 was unaffected by the CCS wallet theft

    • p​lowsof hinted at the fact that Monero multisig is still experimental23

    • R​ucknium was against security through obscurity in the eventuality that the CCS would end up using escrow again: the process to create and manage the wallet should be documented publicly

    • p​lowsof was wondering if binaryFate would agree to create a seperate [secure] ccs wallet and send funds from this new wallet on to luigi (for payouts);

      • o​frnxmr was opposed to the idea, hinting at the fact that binaryFate already has too much responsibility as he is also holding the keys to the General Fund wallet;

        • selsta suggested a separate discussion for the GF

    • binaryFate asked the community if there would be support for delegating full responsibility for the wallet to luigi1111;

      • o​frnxmr was against the idea, unless luigi would be a multisig signer: not solo. Worst opsec.;

      • Rucknium pointed out to the probable lack of trust in luigi from the perspective of potential donors;

      • nioc noted that they would be fine with luigi in charge;

      • t​uxsudo and b​tclovera both objected and mentioned the OPSEC failure;

      • r​brunner7 noted that no one knows how luigi was targeted and that could be reason enough to choose somebody else for the time being;

        • nioc agreed with rbrunner7’s line of thought

    • c​trej was wondering if it would be possible to temporarily use a ledger or trezor until the community figures out multisig proper;

      • p​lowsof pointed out that a hardware wallet would have defeated the evil hackers

    • Rucknium floated the idea of direct funding to workers’ XMR wallets as a short term solution;

      • o​frnxmr was interested in isolating the GF from the CCS: Core needs to use that GF to deal with infra; they dont need to be bank tellers

    • c​trej was looking for a guide or a link collection for hardening a PC (removing intelME24 etc.);

      • p​lowsof linked tobtoht’s osresearch.net website25

    • selsta suggested a potential workflow/setup: luigi can for example use a hardware wallet for a hot wallet to payout devs while the cold wallet that gets the actual funds are in someone else’s hands

    • h​into.janaiyo was wondering who would be trusted enough to hold funds long term, before suggesting plowsof as a temporary custodian;

      • o​frnxmr voted for plowsof to handle the new wallet, but wanted multisig for the long term;

      • b​tclovera nominated both binaryFate and plowsof and suggested RINO26 or some multisig schema and then also recommended Vik from cake wallet;

      • s​needlewoods_xmr thought that plowsof is trustworthy for the new short term wallet;

      • r​brunner7 wondered if plowsof would agree to take the responsibility

    • binaryFate stated that he is not comfortable piggybacking on different wallet when we have different requirements on how frequently to access funds in response to rbrunner7’s suggestion to use the GF security setup to create a new wallet

    • R​ucknium was looking for a direct answer from plowsof to the obvious question: do you want this responsibility?;

      • plowsof replied: i would like more responsibility, but my first rodeo should not be ‘the CCS wallet’

    • Rucknium recommended going with the direct funding with no escrow option as there is (currently) no arrangement that satisfies all groups - donors, workers, people that vet proposals, and the escrower;

      • h​into.janaiyo wanted to know if proposers would directly receive funds even before milestones are complete;

        • Rucknium confirmed (yes)

    • o​frnxmr nominated selsta as a potential candidate;

      • selsta was not interested

    • nioc indirectly suggested Rucknium

    • p​lowsof assured everyone that the work in progress proposals are covered by the general fund / have already been paid out

    • R​ucknium mentioned that binaryFate is probably already escrowing the bounties.monero.social27 funds;

      • binaryFate confirmed: I escrow the bounties wallet and perform payouts as directed to me (usually by plowsof);

      • o​frnxmr thought that was too much for 1 person

    • midipoet proposed using a custodial account at somewhere like Kraken as a short term solution: This will solve the immediate Opsec issue and also provide us some time to organise properly;

      • selsta noted a risk of Kraken locking the account due to large inflow / outflow of funds, probably get flagged by some algorithm;

      • midipoet also suggested LocalMonero, in order to benefit from the wallet’s view key;

      • selsta favored a solution that doesn’t involve a third party service

    • r​brunner7 tried to redirect the discussions back to the most immediate bottleneck: finding trustworthy users that are ready to take the responsibility

    • binaryFate posted his final comment of the meeting: I don’t think you should expect a magical solution from Core. In that context core and core members at most can be tools for the community to use, not much more.

    • h​into.janaiyo proposed to temporarily hold future community meetings every week

    • p​lowsof noted that consensus was reached to merge/retrofund the monero-core/seraphis devs proposals

    • selsta was more interested in using the CCS instead of direct funding

    • r​brunner7 thought that the CCS is an important cornerstone of our “culture”, of our “identity”. More than a simple tool to pay people.

  • /end

Let me know if you found this report helpful.

Feedback, suggestions and edits always welcome @/about/.

-3RA

  1. /monero-community-workgroup-meeting-11-november-2023/ 

  2. https://github.com/plowsof/ 

  3. https://github.com/binaryFate/ 

  4. https://matrix.to/#/s​needlewoods_xmr:matrix.org 

  5. https://matrix.to/#/ofrnxmr:monero.social 

  6. https://github.com/rbrunner7/ 

  7. https://matrix.to/#/c​trej:matrix.org 

  8. https://matrix.to/#/s​packle_xmr:matrix.org 

  9. https://github.com/R​ucknium/ 

  10. https://repo.getmonero.org/xmrLovera/ 

  11. https://github.com/hinto-janai/ 

  12. [TBD] @nioc (IRC) 

  13. https://matrix.to/#/t​uxsudo:tux.pizza 

  14. https://github.com/v1docq47/ 

  15. https://github.com/selsta/ 

  16. https://github.com/luigi1111/ 

  17. https://matrix.to/#/l​ordx3nu:matrix.org 

  18. https://repo.getmonero.org/midipoet/ 

  19. /luigi-discloses-critical-ccs-wallet-breach/ 

  20. https://ccs.getmonero.org/ideas/ 

  21. /monerokon-to-abandon-ccs-for-self-hosted-crowdfunding-solution/, https://funding.monerokon.com/ 

  22. /jehrenhofer-announces-magic-grants-monero-fund/, https://monerofund.org/ 

  23. https://libera.monerologs.net/monero-research-lab/20231108#c301310 

  24. /cypherpunk-transmission-016-1vyrain-soft-disable-intel-me-xx30-thinkpads/ 

  25. https://osresearch.net/ 

  26. /rino-wallet-live-mainnet/, https://rino.io/ 

  27. https://bounties.monero.social/ 

License: CC BY 4.0, no changes were made to the article.