[db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Previous message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Next message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
denis
ripedenis at yahoo.co.uk
Mon Jul 27 18:28:25 CEST 2015
On 27/07/2015 18:21, Job Snijders wrote: > On Mon, Jul 27, 2015 at 06:13:27PM +0200, denis wrote: >> On 26/07/2015 20:04, Job Snijders wrote: >>> On Sun, Jul 26, 2015 at 07:39:36PM +0200, denis wrote: >>>>> - in essence re-introduce 'auth: none' for out of region >>>>> objects, in doing so make the rpsl-maintainer implicit. >>>> >>>> This is not a good idea. This 'implicitness' requires changes to the >>>> software to create exceptions for authorisation on creation of certain >>>> object types. The authorisation software is already nightmarishly >>>> complex. >>> >>> I don't agree with your assessment. Don't forget that the responsibility >>> for the Whois software code quality lays primiarily with RIPE NCC staff. >>> I am confident they'll inform us about potential code complexity issues. >> >> I understand where you are coming from. But keep in mind that the software >> is open source so anyone in the community can study this code (if they want >> to) and appreciate the complexity that already exists in both the software >> and data model. >> >> Also keep in mind the way this process works. The community asks for >> something, generally without any regard to how it will be implemented. The >> RIPE NCC has a lot of wonderful guys who like to give the community what >> they ask for. And as Shane often says, "it's software, you can do anything >> you like with software". Of course he is right, but there is always a cost. >> >> Given that the community/membership is, to a large extent, reluctant to even >> discuss the issue of simplifying the data model and bringing the software >> design into the 21st century, things just get more complex over time. Then >> the whole software has to be re-written again, as they have done twice >> already, just to keep it maintainable but without making any substantial >> improvements. >> >> I also think re-introducing and documenting the concept of "auth:none", >> after it was deprecated about 12 years ago, and at a time when security is a >> regular discussion topic, is bad PR for this industry. I know the public >> password achieves the same result, but at least with the password you have >> to know what to do with it and 'do something'. With "auth:none" you do >> nothing and things 'just work'. We should be fixing the issue of the public >> password not making cosmetic changes like this. > > It should be noted that "auth: none" is not a proposal of mine, merely a > short handed way of writing down what could be a method in the context > of the RPSL maintainer. IMHO slapping the public "RPSL" password on > something might as well don't require anything. noted :) > > I do not wish to reintroduce "auth: none"! But I'd like to see better > auth model of out of region resources in the RIPE database. I guess I > should have written something like "remove RPSL maintainer and use > implicit authorisation" instead of "auth: none" :-) agreed, but I still think any changes like this are cosmetic and pointless. cheers denis > > Kind regards, > > Job >
- Previous message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
- Next message (by thread): [db-wg] ad-hoc RIPE db-wg meeting at IETF93
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]