[db-wg] Locking unmaintained PERSON and ROLE objects in the RIPE Database
- Previous message (by thread): [db-wg] Locking unmaintained PERSON and ROLE objects in the RIPE Database
- Next message (by thread): [db-wg] Locking unmaintained PERSON and ROLE objects in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Athina Fragkouli
athina.fragkouli at ripe.net
Thu Apr 14 14:28:26 CEST 2016
Dear Denis, Thank you for your request. Please allow me some time to look into this matter. I will provide you and the list with my comment next week. Kind regards, Athina Fragkouli Head of Legal RIPE NCC On 14/04/16 13:31, denis wrote: > Hi Piotr > > On 14/04/2016 08:41, Piotr Strzyzewski wrote: >> On Thu, Apr 14, 2016 at 01:07:01AM +0200, denis wrote: >> >> Denis >> >>> You really are barking up the wrong tree here. >> >> Nice try, but you misinterpret my intentions. > > This is a very condescending remark. > >> >>> On 14/04/2016 00:31, Piotr Strzyzewski wrote: >>>> On Thu, Apr 14, 2016 at 12:00:45AM +0200, denis wrote: >>>> >>>> Denis >>>> >>>>>> Taking your arguments stated above, I once again (this time more >>>>>> clear) >>>>>> say that rolling back the change to allow changes to the PERSON >>>>>> object >>>>>> name would _not_ have fixed the problem. >>>>> >>>>> Maybe not, but it would have been a harmless change. Your action has >>>> >>>> This change has been discussed and expected in this community at least >>>> from the year 2000. >>> >>> For a start this database with this (broken) data model did not exist in >>> 2000. It was released to production in April 2001. >> >> Which do not proof that there was no desire/discussion/need for change >> of the person name even earlier: >> >> https://www.ripe.net/ripe/mail/archives/db-wg/2001-January/001512.html >> >>> And has been checked by You in 2014 with RIPE NCC's >>>> legal team. I haven't seen any technical, legal, procedural (nor any >>>> other) objections raised by You under issue 221 >>>> (https://github.com/RIPE-NCC/whois/issues/221). >>>> What has changed during last 1.5 year? >>> >>> Issue 221 was about changing the PERSON object name. It was agreed by >>> the >>> RIPE NCC legal team that they saw no problems at that time. What has >>> changed is that you have now identified a hijacking issue. Rolling back >>> that change would have prevented 'easy' hijacking by simply changing the >>> name of an unmaintained PERSON object to your name. By locking the >>> objects >>> they now have to 'get' ID in that name. As you pointed out that seems >>> to be >>> easy, although I have no idea how to do something like that. >> >> The hijacking issue was there for years. I'm just surprised that it was >> not raised by you during the discussion of issue 221. > > Again this is another condescending remark. You imply that I should know > everything at all times. If you knew about this hijacking issue that you > say has been around for years, then as a co-chair of this working group > why did you not mention it at the time? > >> >>> You seem to be determined to 'prove' I am wrong suggesting rolling >>> back the >>> name change would fix this issue. But you don't seem to accept that the >>> action you have taken has also NOT fixed the problem but caused many >>> more >>> serious problems. >> >> Please refrain from suggesting that I have done something. > > The whole tone of this thread is one of attack and aggression towards > me. You are not discussing the issues but you are discussing me. You are > relentlessly pursuing my comments and looking back in history to prove > me wrong, instead of trying to move forward. You are doing exactly what > you accuse me of. > >> >> Moreover, keep saying the mantra about causing many more serious >> problems is neither the proof of this thesis nor the solution to >> anything. If you know/see something which could seriously improve the >> quality of the data, security model, business rules, etc, just bring it >> on the table. > > Sorry but you are missing the point here. It is not a thesis and I have > stated the serious problem. I was part of the Data Protection Task Force > many years ago. I spent a lot of time with the RIPE NCC's lawyers > discussing the data protection issues around the RIPE Database. > > The action you have taken HAS already created a data protection issue. > There are now about a million personal data sets in the database that > the data subjects cannot change. The RIPE NCC has stated it will not > unlock any of these objects as they cannot be sure who they refer to. > The RIPE NCC, as Data Controller of this database has a million personal > data sets in their database that they cannot assert contain accurate > data and they have prevented the data subjects from updating their > personal data. The RIPE NCC also, even as Data Controller, cannot do > anything to fix or replace these personal data sets. > > Now I will bring some suggestions to the table to fix this issue. First > I would like the RIPE NCC legal team to review this situation and > publish to this list their considerations. Secondly I suggest the RIPE > NCC unlocks these objects, as it makes no difference to the hijacking > situation that you say has been around for years anyway. Third I suggest > the RIPE NCC aggressively pursues the members who reference these > unmaintained personal objects and pushes them to either maintain them or > replace them. > > Finally I would say that for an issue that the DB WG co-chairs have > known to have been around for many years, I don't see why it needed a > secret, back room discussion and a sudden announcement that the RIPE NCC > has locked a million objects without any community discussion. > > As I am not receiving the emails in this discussion from the DB WG > mailing list, I think you may have already blocked them. So I have cc'd > Athina directly for a legal comment. > > cheers > denis > >> >> Piotr >>
- Previous message (by thread): [db-wg] Locking unmaintained PERSON and ROLE objects in the RIPE Database
- Next message (by thread): [db-wg] Locking unmaintained PERSON and ROLE objects in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]