Basic logos storage roadmap #296
Open
+141
−294
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
emizzle
approved these changes
Dec 12, 2025
Contributor
emizzle
left a comment
emizzle
left a comment
There was a problem hiding this comment.
Nice! A few suggestions, but nothing blocking, so will approve now.
| 1. **File sharing.** Any user in the network should be able to share files (frontend bundles and modules) such that those can be downloaded by any other user in the network. | ||
| 1. **Content addressability.** Files should be addressable by a content identifier, such that users are sure that the content they download is the content they expect. | ||
| 1. **Organic replication.** Users that download a file should be able to provide it to other users in the network. | ||
| 1. **Caching and storing.** Nodes should allow files to be either _cached_ or _stored_. Caching is constrained by a quota, and any file placed onto a node node should be cached unless explicitly told otherwise. Cached files are _evicted_ once the node runs out of quota. Optionally, a file might be marked as _stored_, at which point it no longer occupies the caching quota, and is simply preserved on disk. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. **Caching and storing.** Nodes should allow files to be either _cached_ or _stored_. Caching is constrained by a quota, and any file placed onto a node node should be cached unless explicitly told otherwise. Cached files are _evicted_ once the node runs out of quota. Optionally, a file might be marked as _stored_, at which point it no longer occupies the caching quota, and is simply preserved on disk. | |
| 1. **Caching and storing.** Nodes should allow files to be either _cached_ or _stored_. Caching is constrained by a quota, and any file placed onto a node should be cached unless explicitly told otherwise. Cached files are _evicted_ once the node runs out of caching quota in a LRU manner. Optionally, a file might be explicitly marked as _stored_, at which point it no longer occupies the caching quota, and is simply preserved on disk. Storage space is limited by a separate storage quota. |
|
|
||
| ## Usability | ||
|
|
||
| 1. **C API.** A C API with the proper primitives for publishing and downloading files by address and pinning is published. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. **C API.** A C API with the proper primitives for publishing and downloading files by address and pinning is published. | |
| 1. **C API.** A C API with primitives for publishing and downloading files by address is published. |
|
|
||
| 1. **C API.** A C API with the proper primitives for publishing and downloading files by address and pinning is published. | ||
| 1. **Logos Core.** The filesharing client is published as a working Logos Core module. | ||
| 1. **Zero-config networking.** Within the possibilities of current technology, user should not have to take any extra steps; e.g. opening ports on a router, to get file sharing working.[^1] |
Contributor
There was a problem hiding this comment.
I assume that bootstrap nodes fall into this category as well?
| 1. **C API.** A C API with the proper primitives for publishing and downloading files by address and pinning is published. | ||
| 1. **Logos Core.** The filesharing client is published as a working Logos Core module. | ||
| 1. **Zero-config networking.** Within the possibilities of current technology, user should not have to take any extra steps; e.g. opening ports on a router, to get file sharing working.[^1] | ||
| 1. **File search.** Accessing a file requires knowledge of a file identifier; i.e., a Content ID (CID). We assume that the user will obtain these CIDs out-of-band, either directly from other users or through an external indexing/discovery service. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. **File search.** Accessing a file requires knowledge of a file identifier; i.e., a Content ID (CID). We assume that the user will obtain these CIDs out-of-band, either directly from other users or through an external indexing/discovery service. | |
| 1. **File search.** Accessing a file requires knowledge of a file identifier; i.e., a Content ID (CID). User must obtain these CIDs out-of-band, either directly from other users or through an external indexing/discovery service. |
|
|
||
| 1. [Create A Basic File Sharing Client for Logos Core](./frontends-filesharing.md), by rolling out a minimal implementation which allows storing, sharing, and organically replicating frontends, modules, and files. | ||
| 2. [Privacy-Preserving File Sharing](./privacy-preserving-filesharing.md), where we enhance our filesharing implementation to provide privacy-preserving capabilities such as publisher and downloader unlinkability, and plausible deniability for ache nodes. | ||
|
|
Contributor
There was a problem hiding this comment.
What about "track 3" discussed at the offsite, ie "persistence".
| @@ -0,0 +1,32 @@ | |||
| # Privacy-Preserving File Sharing | |||
|
|
|||
| **Estimated date of completion.** Oct 2026 | |||
Contributor
There was a problem hiding this comment.
Fwiw, I'm not sure how much room we have here, but it feels odd to put a delivery date on a feature set that we have no idea how to accomplish.
| **Estimated date of completion.** Oct 2026 | ||
|
|
||
| Privacy-preserving file sharing means that: | ||
| * neither publisher or downloader of a file can be identified as so by third parties when querying and/or retrieving data; |
Contributor
There was a problem hiding this comment.
Suggested change
| * neither publisher or downloader of a file can be identified as so by third parties when querying and/or retrieving data; | |
| * neither publisher or downloader of a file can be identified by third parties when querying and/or retrieving data; |
|
|
||
| Privacy-preserving file sharing means that: | ||
| * neither publisher or downloader of a file can be identified as so by third parties when querying and/or retrieving data; | ||
| * cache nodes cannot be held accountable for the content they cache (plausible deniability). |
Contributor
There was a problem hiding this comment.
Suggested change
| * cache nodes cannot be held accountable for the content they cache (plausible deniability). | |
| * cache nodes should be able to convincingly deny knowledge of or responsibility for content they cache (plausible deniability). |
| | Risk | (Accept, Own, Mitigation) | | ||
| |------------------------|------------------------------------------------------------------------------------------------------------------| | ||
| | We take an approach of building filesharing first and then enhancing it with privacy, and figure out that we need an different protocol altogether. | Try to identify this as early as possible and fail fast. | | ||
| | Anon coms team builds something that does not work for us. | Close collaboration with anon coms, with the embedding of a logos storage researcher within their effort. Employ strategic and small multidisciplinary team including both cryptography and networking researchers and engineers. | |
Contributor
There was a problem hiding this comment.
Suggested change
| | Anon coms team builds something that does not work for us. | Close collaboration with anon coms, with the embedding of a logos storage researcher within their effort. Employ strategic and small multidisciplinary team including both cryptography and networking researchers and engineers. | | |
| | Anon comms team builds something that does not work for us. | Close collaboration with anon comms, with the embedding of a logos storage researcher within their effort. Employ strategic and small multidisciplinary team including both cryptography and networking researchers and engineers. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the bare-bones roadmap for logos storage.