2007-01-30 08:50:01 +01:00
|
|
|
Filename: 001-process.txt
|
|
|
|
|
Title: The Tor Proposal Process
|
|
|
|
|
Author: Nick Mathewson
|
|
|
|
|
Created: 30-Jan-2007
|
|
|
|
|
Status: Meta
|
|
|
|
|
|
|
|
|
|
Overview:
|
|
|
|
|
|
|
|
|
|
This document describes how to change the Tor specifications, how Tor
|
|
|
|
|
proposals work, and the relationship between Tor proposals and the
|
|
|
|
|
specifications.
|
|
|
|
|
|
|
|
|
|
This is an informational document.
|
|
|
|
|
|
|
|
|
|
Motivation:
|
|
|
|
|
|
|
|
|
|
Previously, our process for updating the Tor specifications was maximally
|
|
|
|
|
informal: we'd patch the specification (sometimes forking first, and
|
|
|
|
|
sometimes not), then discuss the patches, reach consensus, and implement
|
|
|
|
|
the changes.
|
|
|
|
|
|
|
|
|
|
This had a few problems.
|
|
|
|
|
|
|
|
|
|
First, even at its most efficient, the old process would often have the
|
|
|
|
|
spec out of sync with the code. The worst cases were those where
|
2007-02-10 22:38:31 +01:00
|
|
|
implementation was deferred: the spec and code could stay out of sync for
|
2007-01-30 08:50:01 +01:00
|
|
|
versions at a time.
|
|
|
|
|
|
|
|
|
|
Second, it was hard to participate in discussion, since you had to know
|
|
|
|
|
which portions of the spec were a proposal, and which were already
|
|
|
|
|
implemented.
|
|
|
|
|
|
|
|
|
|
Third, it littered the specifications with too many inline comments.
|
|
|
|
|
[This was a real problem -NM]
|
|
|
|
|
[Especially when it went to multiple levels! -NM]
|
|
|
|
|
[XXXX especially when they weren't signed and talked about that
|
|
|
|
|
thing that you can't remember after a year]
|
|
|
|
|
|
|
|
|
|
How to change the specs now:
|
|
|
|
|
|
|
|
|
|
First, somebody writes a proposal document. It should describe the change
|
|
|
|
|
that should be made in detail, and give some idea of how to implement it.
|
|
|
|
|
Once it's fleshed out enough, it becomes a proposal.
|
|
|
|
|
|
|
|
|
|
Like an RFC, every proposal gets a number. Unlike RFCs, proposals can
|
2007-02-21 00:22:33 +01:00
|
|
|
change over time and keep the same number, until they are finally
|
|
|
|
|
accepted or rejected. The history for each proposal
|
2009-05-05 15:48:23 +02:00
|
|
|
will be stored in the Tor repository.
|
2007-01-30 08:50:01 +01:00
|
|
|
|
|
|
|
|
Once a proposal is in the repository, we should discuss and improve it
|
|
|
|
|
until we've reached consensus that it's a good idea, and that it's
|
|
|
|
|
detailed enough to implement. When this happens, we implement the
|
|
|
|
|
proposal and incorporate it into the specifications. Thus, the specs
|
|
|
|
|
remain the canonical documentation for the Tor protocol: no proposal is
|
|
|
|
|
ever the canonical documentation for an implemented feature.
|
|
|
|
|
|
2007-03-02 21:00:30 +01:00
|
|
|
(This process is pretty similar to the Python Enhancement Process, with
|
|
|
|
|
the major exception that Tor proposals get re-integrated into the specs
|
|
|
|
|
after implementation, whereas PEPs _become_ the new spec.)
|
|
|
|
|
|
2007-02-21 00:22:33 +01:00
|
|
|
{It's still okay to make small changes directly to the spec if the code
|
|
|
|
|
can be
|
2007-01-30 08:50:01 +01:00
|
|
|
written more or less immediately, or cosmetic changes if no code change is
|
|
|
|
|
required. This document reflects the current developers' _intent_, not
|
|
|
|
|
a permanent promise to always use this process in the future: we reserve
|
|
|
|
|
the right to get really excited and run off and implement something in a
|
2007-02-10 22:38:31 +01:00
|
|
|
caffeine-or-m&m-fueled all-night hacking session.}
|
2007-01-30 08:50:01 +01:00
|
|
|
|
2007-02-19 15:53:56 +01:00
|
|
|
How new proposals get added:
|
2007-01-30 08:50:01 +01:00
|
|
|
|
2007-02-19 15:53:56 +01:00
|
|
|
Once an idea has been proposed on the development list, a properly formatted
|
2007-02-25 14:39:33 +01:00
|
|
|
(see below) draft exists, and rough consensus within the active development
|
2007-02-21 00:22:33 +01:00
|
|
|
community exists that this idea warrants consideration, the proposal editor
|
|
|
|
|
will officially add the proposal.
|
|
|
|
|
|
|
|
|
|
To get your proposal in, send it to or-dev.
|
|
|
|
|
|
|
|
|
|
The current proposal editor is Nick Mathewson.
|
2007-01-30 08:50:01 +01:00
|
|
|
|
|
|
|
|
What should go in a proposal:
|
|
|
|
|
|
2007-02-10 04:43:00 +01:00
|
|
|
Every proposal should have a header containing these fields:
|
2009-05-05 15:48:23 +02:00
|
|
|
Filename, Title, Author, Created, Status.
|
2007-02-10 04:43:00 +01:00
|
|
|
|
2008-07-14 22:44:44 +02:00
|
|
|
These fields are optional but recommended:
|
|
|
|
|
Target, Implemented-In.
|
|
|
|
|
The Target field should describe which version the proposal is hoped to be
|
|
|
|
|
implemented in (if it's Open or Accepted). The Implemented-In field
|
|
|
|
|
should describe which version the proposal was implemented in (if it's
|
|
|
|
|
Finished or Closed).
|
|
|
|
|
|
2007-02-10 04:43:00 +01:00
|
|
|
The body of the proposal should start with an Overview section explaining
|
|
|
|
|
what the proposal's about, what it does, and about what state it's in.
|
|
|
|
|
|
2007-02-10 22:38:31 +01:00
|
|
|
After the Overview, the proposal becomes more free-form. Depending on its
|
2009-05-05 15:47:36 +02:00
|
|
|
length and complexity, the proposal can break into sections as
|
2007-02-10 04:43:00 +01:00
|
|
|
appropriate, or follow a short discursive format. Every proposal should
|
2007-02-21 00:22:33 +01:00
|
|
|
contain at least the following information before it is "ACCEPTED",
|
2007-02-10 22:38:31 +01:00
|
|
|
though the information does not need to be in sections with these names.
|
2007-02-10 04:43:00 +01:00
|
|
|
|
|
|
|
|
Motivation: What problem is the proposal trying to solve? Why does
|
|
|
|
|
this problem matter? If several approaches are possible, why take this
|
|
|
|
|
one?
|
|
|
|
|
|
|
|
|
|
Design: A high-level view of what the new or modified features are, how
|
|
|
|
|
the new or modified features work, how they interoperate with each
|
|
|
|
|
other, and how they interact with the rest of Tor. This is the main
|
|
|
|
|
body of the proposal. Some proposals will start out with only a
|
|
|
|
|
Motivation and a Design, and wait for a specification until the
|
|
|
|
|
Design seems approximately right.
|
|
|
|
|
|
2007-02-10 22:38:31 +01:00
|
|
|
Security implications: What effects the proposed changes might have on
|
2007-02-10 04:43:00 +01:00
|
|
|
anonymity, how well understood these effects are, and so on.
|
|
|
|
|
|
|
|
|
|
Specification: A detailed description of what needs to be added to the
|
|
|
|
|
Tor specifications in order to implement the proposal. This should
|
|
|
|
|
be in about as much detail as the specifications will eventually
|
|
|
|
|
contain: it should be possible for independent programmers to write
|
|
|
|
|
mutually compatible implementations of the proposal based on its
|
|
|
|
|
specifications.
|
|
|
|
|
|
|
|
|
|
Compatibility: Will versions of Tor that follow the proposal be
|
|
|
|
|
compatible with versions that do not? If so, how will compatibility
|
2007-02-10 22:38:31 +01:00
|
|
|
be achieved? Generally, we try to not drop compatibility if at
|
|
|
|
|
all possible; we haven't made a "flag day" change since May 2004,
|
|
|
|
|
and we don't want to do another one.
|
2007-02-10 04:43:00 +01:00
|
|
|
|
|
|
|
|
Implementation: If the proposal will be tricky to implement in Tor's
|
|
|
|
|
current architecture, the document can contain some discussion of how
|
2010-08-03 20:25:07 +02:00
|
|
|
to go about making it work. Actual patches should go on public git
|
|
|
|
|
branches, or be uploaded to trac.
|
2007-02-10 04:43:00 +01:00
|
|
|
|
|
|
|
|
Performance and scalability notes: If the feature will have an effect
|
|
|
|
|
on performance (in RAM, CPU, bandwidth) or scalability, there should
|
|
|
|
|
be some analysis on how significant this effect will be, so that we
|
|
|
|
|
can avoid really expensive performance regressions, and so we can
|
|
|
|
|
avoid wasting time on insignificant gains.
|
2007-01-30 08:50:01 +01:00
|
|
|
|
2007-02-19 15:53:56 +01:00
|
|
|
Proposal status:
|
|
|
|
|
|
|
|
|
|
Open: A proposal under discussion.
|
|
|
|
|
|
|
|
|
|
Accepted: The proposal is complete, and we intend to implement it.
|
2007-02-21 00:22:33 +01:00
|
|
|
After this point, substantive changes to the proposal should be
|
|
|
|
|
avoided, and regarded as a sign of the process having failed
|
|
|
|
|
somewhere.
|
2007-02-19 15:53:56 +01:00
|
|
|
|
2007-02-21 00:22:33 +01:00
|
|
|
Finished: The proposal has been accepted and implemented. After this
|
|
|
|
|
point, the proposal should not be changed.
|
2007-02-19 15:53:56 +01:00
|
|
|
|
|
|
|
|
Closed: The proposal has been accepted, implemented, and merged into the
|
2007-02-21 00:22:33 +01:00
|
|
|
main specification documents. The proposal should not be changed after
|
|
|
|
|
this point.
|
2007-02-19 15:53:56 +01:00
|
|
|
|
|
|
|
|
Rejected: We're not going to implement the feature as described here,
|
|
|
|
|
though we might do some other version. See comments in the document
|
2007-02-21 00:22:33 +01:00
|
|
|
for details. The proposal should not be changed after this point;
|
|
|
|
|
to bring up some other version of the idea, write a new proposal.
|
2007-02-19 15:53:56 +01:00
|
|
|
|
2008-03-11 05:30:11 +01:00
|
|
|
Draft: This isn't a complete proposal yet; there are definite missing
|
|
|
|
|
pieces. Please don't add any new proposals with this status; put them
|
|
|
|
|
in the "ideas" sub-directory instead.
|
|
|
|
|
|
2007-02-19 15:53:56 +01:00
|
|
|
Needs-Revision: The idea for the proposal is a good one, but the proposal
|
|
|
|
|
as it stands has serious problems that keep it from being accepted.
|
|
|
|
|
See comments in the document for details.
|
|
|
|
|
|
|
|
|
|
Dead: The proposal hasn't been touched in a long time, and it doesn't look
|
|
|
|
|
like anybody is going to complete it soon. It can become "Open" again
|
|
|
|
|
if it gets a new proponent.
|
|
|
|
|
|
|
|
|
|
Needs-Research: There are research problems that need to be solved before
|
|
|
|
|
it's clear whether the proposal is a good idea.
|
|
|
|
|
|
|
|
|
|
Meta: This is not a proposal, but a document about proposals.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The editor maintains the correct status of proposals, based on rough
|
|
|
|
|
consensus and his own discretion.
|
|
|
|
|
|
|
|
|
|
Proposal numbering:
|
|
|
|
|
|
|
|
|
|
Numbers 000-099 are reserved for special and meta-proposals. 100 and up
|
|
|
|
|
are used for actual proposals. Numbers aren't recycled.
|
