This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Previous message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Next message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
denis
ripedenis at yahoo.co.uk
Mon Jul 27 18:28:25 CEST 2015
On 27/07/2015 18:21, Job Snijders wrote: > On Mon, Jul 27, 2015 at 06:13:27PM +0200, denis wrote: >> On 26/07/2015 20:04, Job Snijders wrote: >>> On Sun, Jul 26, 2015 at 07:39:36PM +0200, denis wrote: >>>>> - in essence re-introduce 'auth: none' for out of region >>>>> objects, in doing so make the rpsl-maintainer implicit. >>>> >>>> This is not a good idea. This 'implicitness' requires changes to the >>>> software to create exceptions for authorisation on creation of certain >>>> object types. The authorisation software is already nightmarishly >>>> complex. >>> >>> I don't agree with your assessment. Don't forget that the responsibility >>> for the Whois software code quality lays primiarily with RIPE NCC staff. >>> I am confident they'll inform us about potential code complexity issues. >> >> I understand where you are coming from. But keep in mind that the software >> is open source so anyone in the community can study this code (if they want >> to) and appreciate the complexity that already exists in both the software >> and data model. >> >> Also keep in mind the way this process works. The community asks for >> something, generally without any regard to how it will be implemented. The >> RIPE NCC has a lot of wonderful guys who like to give the community what >> they ask for. And as Shane often says, "it's software, you can do anything >> you like with software". Of course he is right, but there is always a cost. >> >> Given that the community/membership is, to a large extent, reluctant to even >> discuss the issue of simplifying the data model and bringing the software >> design into the 21st century, things just get more complex over time. Then >> the whole software has to be re-written again, as they have done twice >> already, just to keep it maintainable but without making any substantial >> improvements. >> >> I also think re-introducing and documenting the concept of "auth:none", >> after it was deprecated about 12 years ago, and at a time when security is a >> regular discussion topic, is bad PR for this industry. I know the public >> password achieves the same result, but at least with the password you have >> to know what to do with it and 'do something'. With "auth:none" you do >> nothing and things 'just work'. We should be fixing the issue of the public >> password not making cosmetic changes like this. > > It should be noted that "auth: none" is not a proposal of mine, merely a > short handed way of writing down what could be a method in the context > of the RPSL maintainer. IMHO slapping the public "RPSL" password on > something might as well don't require anything. noted :) > > I do not wish to reintroduce "auth: none"! But I'd like to see better > auth model of out of region resources in the RIPE database. I guess I > should have written something like "remove RPSL maintainer and use > implicit authorisation" instead of "auth: none" :-) agreed, but I still think any changes like this are cosmetic and pointless. cheers denis > > Kind regards, > > Job >
- Previous message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Next message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]