[db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Previous message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Next message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at ntt.net
Mon Jul 27 18:21:19 CEST 2015
On Mon, Jul 27, 2015 at 06:13:27PM +0200, denis wrote: > On 26/07/2015 20:04, Job Snijders wrote: > >On Sun, Jul 26, 2015 at 07:39:36PM +0200, denis wrote: > >>> - in essence re-introduce 'auth: none' for out of region > >>> objects, in doing so make the rpsl-maintainer implicit. > >> > >>This is not a good idea. This 'implicitness' requires changes to the > >>software to create exceptions for authorisation on creation of certain > >>object types. The authorisation software is already nightmarishly > >>complex. > > > >I don't agree with your assessment. Don't forget that the responsibility > >for the Whois software code quality lays primiarily with RIPE NCC staff. > >I am confident they'll inform us about potential code complexity issues. > > I understand where you are coming from. But keep in mind that the software > is open source so anyone in the community can study this code (if they want > to) and appreciate the complexity that already exists in both the software > and data model. > > Also keep in mind the way this process works. The community asks for > something, generally without any regard to how it will be implemented. The > RIPE NCC has a lot of wonderful guys who like to give the community what > they ask for. And as Shane often says, "it's software, you can do anything > you like with software". Of course he is right, but there is always a cost. > > Given that the community/membership is, to a large extent, reluctant to even > discuss the issue of simplifying the data model and bringing the software > design into the 21st century, things just get more complex over time. Then > the whole software has to be re-written again, as they have done twice > already, just to keep it maintainable but without making any substantial > improvements. > > I also think re-introducing and documenting the concept of "auth:none", > after it was deprecated about 12 years ago, and at a time when security is a > regular discussion topic, is bad PR for this industry. I know the public > password achieves the same result, but at least with the password you have > to know what to do with it and 'do something'. With "auth:none" you do > nothing and things 'just work'. We should be fixing the issue of the public > password not making cosmetic changes like this. It should be noted that "auth: none" is not a proposal of mine, merely a short handed way of writing down what could be a method in the context of the RPSL maintainer. IMHO slapping the public "RPSL" password on something might as well don't require anything. I do not wish to reintroduce "auth: none"! But I'd like to see better auth model of out of region resources in the RIPE database. I guess I should have written something like "remove RPSL maintainer and use implicit authorisation" instead of "auth: none" :-) Kind regards, Job
- Previous message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Next message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]