411 vs. 502 for permission denied reading groups

Russ Allbery rra at stanford.edu
Sat Oct 2 05:58:24 UTC 2004


Jeffrey M Vinocur <jeff at litech.org> writes:
> On Fri, 1 Oct 2004, Russ Allbery wrote:

>>     Instead, if the user is not authenticated, return 480, and if the
>>     user is authenticated, return 502.  This means that a user can
>>     determine that a group exists by probing for it and seeing if they
>>     get 411 or 502, but the protocol is cleaner.

> I think, in net, this is a good change.  I've certainly seen problems in
> practice with there simply being no way to implement a desired
> "newsreading experience" with the previous behavior.

Yeah, Mark Crispin had run into serious problems there, to the point where
he's just given up on trying to do reactive authentication in a client.

> I did just come up with a slightly crazy idea that might be a further
> benefit and not impossible to implement...

> What if we add a readers.conf access block parameter to specify a list
> of groups that should always be treated as "not found" regardless of
> whether they exist?  Or alternatively, a boolean parameter as to whether
> to use the new behavior or the old behavior.

I think I like the former idea better than the latter, as it fits in very
well with the existing read: and post: keys.  We can add a hide: key that,
for that particular access block, means that those newsgroups should be
treated as if they don't exist.  We'd have to define the precedence should
something occur in hide: as well as read: and post:, but that's doable.

I think that's a very good idea.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list