Note: Text written in italics represents notes about the section or proposal process. This document serves as an example of what a proposal could look like (in this case, a proposal to have a template) and should be used where possible.
In this first section, be sure to cover your problem and a broad overview of the solution. Covering related details, such as the expected impact, can also be a good idea. The example in this document says that we're missing a template and that things are confusing and goes on to say the solution is a template. There's no major expected impact in this proposal, so it doesn't list one. If your proposal was more invasive (such as proposing a change to how servers discover each other) then that would be a good thing to list here.
If you're having troubles coming up with a description, a good question to ask is "how does this proposal improve Matrix?" - the answer could reveal a small impact, and that is okay.
There can never be enough templates in the world, and MSCs shouldn't be any different. The level of detail expected of proposals can be unclear - this is what this example proposal (which doubles as a template itself) aims to resolve.
Here is where you'll reinforce your position from the introduction in more detail, as well as cover the technical points of your proposal. Including rationale for your proposed solution and detailing why parts are important helps reviewers understand the problem at hand. Not including enough detail can result in people guessing, leading to confusing arguments in the comments section. The example here covers why templates are important again, giving a stronger argument as to why we should have a template. Afterwards, it goes on to cover the specifics of what the template could look like.
Having a default template that everyone can use is important. Without a template, proposals would be all over the place and the minimum amount of detail may be left out. Introducing a template to the proposal process helps ensure that some amount of consistency is present across multiple proposals, even if each author decides to abandon the template.
The default template should be a markdown document because the MSC process requires authors to write a proposal in markdown. Using other formats wouldn't make much sense because that would prevent authors from copy/pasting the template.
The template should have the following sections:
- Introduction - This should cover the primary problem and broad description of the solution.
- Proposal - The gory details of the proposal.
- Potential issues - This is where problems with the proposal would be listed, such as changes that are not backwards compatible.
- Alternatives - This section lists alternative solutions to the same problem which have been considered and dismsissed.
- Security considerations - Discussion of what steps were taken to avoid security issues in the future and any potential risks in the proposal.
Furthermore, the template should not be required to be followed. However it is strongly recommended to maintain some sense of consistency between proposals.
Not all proposals are perfect. Sometimes there's a known disadvantage to implementing the proposal, and they should be documented here. There should be some explanation for why the disadvantage is acceptable, however - just like in this example.
Someone is going to have to spend the time to figure out what the template should actually have in it. It could be a document with just a few headers or a supplementary document to the process explanation, however more detail should be included. A template that actually proposes something should be considered because it not only gives an opportunity to show what a basic proposal looks like, it also means that explanations for each section can be described. Spending the time to work out the content of the template is beneficial and not considered a significant problem because it will lead to a document that everyone can follow.
This is where alternative solutions could be listed. There's almost always another way to do things and this section gives you the opportunity to highlight why those ways are not as desirable. The argument made in this example is that all of the text provided by the template could be integrated into the proposals introduction, although with some risk of losing clarity.
Instead of adding a template to the repository, the assistance it provides could be integrated into the proposal process itself. There is an argument to be had that the proposal process should be as descriptive as possible, although having even more detail in the proposals introduction could lead to some confusion or lack of understanding. Not to mention if the document is too large then potential authors could be scared off as the process suddenly looks a lot more complicated than it is. For those reasons, this proposal does not consider integrating the template in the proposals introduction a good idea.
All proposals must now have this section, even if it is to say there are no security issues.
Think about how to attack your proposal, using lists from sources like OWASP Top Ten for inspiration.
Some proposals may have some security aspect to them that was addressed in the proposed solution. This section is a great place to outline some of the security-sensitive components of your proposal, such as why a particular approach was (or wasn't) taken. The example here is a bit of a stretch and unlikely to actually be worthwhile of including in a proposal, but it is generally a good idea to list these kinds of concerns where possible.
MSCs can drastically affect the protocol. The authors of MSCs may not have a security background. If they do not consider vulnerabilities with their design, we rely on reviewers to consider vulnerabilities. This is easy to forget, so having a mandatory 'Security Considerations' section serves to nudge reviewers into thinking like an attacker.
If a proposal is implemented before it is included in the spec, then implementers must ensure that the
implementation is compatible with the final version that lands in the spec. This generally means that
experimental implementations should use /unstable
endpoints, and use vendor prefixes where necessary.
For more information, see MSC2324. This section
should be used to document things such as what endpoints and names are being used while the feature is
in development, the name of the unstable feature flag to use to detect support for the feature, or what
migration steps are needed to switch to newer versions of the proposal.
This MSC builds on MSCxxxx, MSCyyyy and MSCzzzz (which at the time of writing have not yet been accepted into the spec).