enhance checkgroups handling

Julien ÉLIE julien at trigofacile.com
Thu Aug 16 08:34:10 UTC 2007


Hi Bill,

I believe there was a misunderstanding as for what we were discussing.
I should have made it clearer.

When I said:
>> Wouldn't it be time to only allow PGP-signed control articles to be
>> honoured?  (inviting current hierarchies maintainers to sign their
>> control articles) Active hierarchies are mostly PGP-managed, though.
>>
>> [perhaps we should discuss that in news.admin.hierarchies]

I was speaking about general behaviour towards control messages for
Usenet publicly available hierarchies, as explained in
<ftp://ftp.isc.org/pub/usenet/CONFIG/README>.

I reckon that /almost/ all hierarchies which have sent control messages
for a couple of years are PGP-signing such messages.
When I say /almost/, it is because of alt.*, free.* and finet.* (their
newgroup/rmgroup control articles should however still be honoured).

And there is only an issue with bc.* and van.* for which I see
non-PGP-signed monthly checkgroups (with no change for years).


The ftp.isc.org policy is in fact what there is in control.ctl whose
master is available from <ftp://ftp.isc.org/pub/usenet/CONFIG/control.ctl>.
And I was suggesting that there were no "doit" entries for non-PGP managed
hierarchies (and instead put a "mail"(?) or a "log" for instance) since
such hierarchies can too easily be forged and lead to attacks on news servers
which honour all these control articles.
I believe it is not big deal since there haven't been changes in all these
hierarchies for years.



> Commercial sites tend to carry more small hierarchies, perhaps, and the
> hierarchy control rests with one of the moderators of a group, or
> perhaps some other clueless user. The point is that if you want people
> to use PGP someone has to document that for the lowest common denominator.

The fact is that processing non-PGP-signed control articles will still
be implemented.  But (I hope) it will not be the default in control.ctl.

Your remark makes me think that we really need a control.ctl.local file
for users to easily add local hierarchies entries in that file.  This will
also make control.ctl updates afterwards easier for them.



> This isn't just an INN problem, but it should be addressed before trying
> to change the way admins do things. Usenet isn't run by savvy folks at
> workstations using command line tools and more, one of the reasons I
> left SBC. It must cope with clueless admins and brain-dead management.

If people still want to honour non-PGP-signed control articles, they will
be able to.
You're also right regarding documentation.  It is not very clear up to now
(especially regarding automation).  I think I can make a whole-documented
stuff for signcontrol.py since Python is perhaps easier to use on a Windows
environment and so are interactive scripts.
Besides, I also have Python interactive scripts to post a FAQ to
news.admin.hierarchies, a list of groups to news.lists.misc and a summary of
changes over the last weeks to the admin group of a hierarchy.
I can document them and release them to public too.

They are very easy to use (click and answer questions).

-- 
Julien ÉLIE

« Plus on connaît, plus on aime. » (Vinci) 



More information about the inn-workers mailing list