Question: Why was StoreCode.url removed from the tx msg?

[minxylynx]

As the title asks, why was the StoreCode.url field removed from the msg? Tracking where code came from is useful from an end user perspective.

[ethanfrey]

It was either empty (50%) or filled with erroneous sample url (40%) most of the time.
The few cases that it was properly filled in, we had some issues using the automatic verification code as soon multi-repos became the norm.

Since this field was non-mutable and not very useful, we removed it, realising that we needed the flexibility of an actual registry with lots of logic, which can evolve separately from the code wasmd code.

This could either be some smart contracts managing this or a 3rd party service that actually verifies the source code matches the hash, etc (like Etherscan).

Some older discussions around adding more meaningful metadata that you will likely find relevant: #241 #251

This is when we created the tags: #77
And this is when we removed them: #540

[minxylynx]

I definitely understand the use case you originally added them in to fill (validation/verification). However, even just using the original url field as a reference link to the code repo/version would be useful from an end-user perspective. Even the metadata addition would be useful in some respect.

Would you be willing to entertain that as a strictly end-user function to match code to source? Wouldnt have to be enforced, but as an optional field, it still gives more info than we currently have.

[ethanfrey]

I propose a name service contract where owners can upload such link

[iramiller]

For our specific case that @minxylynx is thinking of I suspect what we might want to do is create our own custom governance proposal process that has the extra information we require along with the wasm code we would store.

This wouldn't change the cosmwasm code or wasmd ... but it would allow our network to have a more formal governance proposal submission process for the code.

As part of this extended information in the governance proposal we would likely need to create a scripted process for a submitter to run locally that packages their code up along with the extended information and then writes a governance proposal output which they could then submit.

This would have the benefit of the submitter knowing up front that their proposal is complete and it would also mean that we could link to the verification program from the governance proposal so voters can verify the claims themselves and ensure that the submitted code does in fact match the open source provided.