[db-wg] Locking unmaintained PERSON and ROLE objects in the RIPE Database

On Thu, Apr 07, 2016 at 10:23:16AM +0200, Trudy Prins wrote:

> The RIPE NCC Executive Board (EB) endorsed a proposal on how to deal with a vulnerability for RIPE Database users. Following their advice, the RIPE NCC proactively locked 848,986 unmaintained PERSON objects and 1,206 unmaintained ROLE objects on 6 April 2016.

this sounds like a very sensible move to me.

Of these ~850.000 objects, how many are referenced by objects from more than a single maintainer?

> 2) Furthermore, the RIPE NCC modifies the existing warning about referencing unmaintained persons/roles to a similar warning about referencing locked persons/roles.                                                                                       

Assuming that unmaintained objects ought to disappear and at the same time understanding
that an immediate hard failure might interfere badly with established running code on
the side of an LIR, there should be incentives to migrate.  As a start, new references
to unmaintained objects could be avoided.

> 3a) The locked objects can remain as they are. In time, all locked PERSON or ROLE objects no longer referenced by other objects could be automatically deleted: the current thinking is a 180-day deletion timeout for these locked, unreferenced objects.

>From a data protection perspective, this cool down phase appears rather long,
especially given that even after following (3b) there's no proposed way to actively delete
the locked (and re-instantiated) object.  What's the perceived drawback of few days only?

-Peter