enhance checkgroups handling
davidsen at tmr.com
Thu Aug 16 12:08:24 UTC 2007
Julien ÉLIE wrote:
> Hi Bill,
> I believe there was a misunderstanding as for what we were discussing.
> I should have made it clearer.
> When I said:
>>> Wouldn't it be time to only allow PGP-signed control articles to be
>>> honoured? (inviting current hierarchies maintainers to sign their
>>> control articles) Active hierarchies are mostly PGP-managed, though.
>>> [perhaps we should discuss that in news.admin.hierarchies]
> I was speaking about general behaviour towards control messages for
> Usenet publicly available hierarchies, as explained in
Exactly, and some of the hierarchies are definitely run by non-technical
people. When I was running the news servers at SBC (until last year), we
had a number of these, most notably 'christnet.*' which had
non-technical moderators and hierarchy control (I used stronger
descriptions than non-technical ;-). Since we had to carry these because
the moderators were our users, and because management was afraid to drop
anything related to religion, we fought a battle to keep up with
constant changes in the hierarchy and accusations of censorship if an
improperly approved post didn't show up in a moderated newsgroup.
Since supernews and giganews carried most of these groups, I guess they
were "publicly accessible."
The point is that it's very desirable to have better documentation to
allow required use of PGP. It needs to be usable by an amoeba running
Windows 95. A dyslexic amoeba...
> I reckon that /almost/ all hierarchies which have sent control messages
> for a couple of years are PGP-signing such messages.
> When I say /almost/, it is because of alt.*, free.* and finet.* (their
> newgroup/rmgroup control articles should however still be honoured).
> And there is only an issue with bc.* and van.* for which I see
> non-PGP-signed monthly checkgroups (with no change for years).
> The ftp.isc.org policy is in fact what there is in control.ctl whose
> master is available from <ftp://ftp.isc.org/pub/usenet/CONFIG/control.ctl>.
> And I was suggesting that there were no "doit" entries for non-PGP managed
> hierarchies (and instead put a "mail"(?) or a "log" for instance) since
> such hierarchies can too easily be forged and lead to attacks on news servers
> which honour all these control articles.
> I believe it is not big deal since there haven't been changes in all these
> hierarchies for years.
>> Commercial sites tend to carry more small hierarchies, perhaps, and the
>> hierarchy control rests with one of the moderators of a group, or
>> perhaps some other clueless user. The point is that if you want people
>> to use PGP someone has to document that for the lowest common denominator.
> The fact is that processing non-PGP-signed control articles will still
> be implemented. But (I hope) it will not be the default in control.ctl.
> Your remark makes me think that we really need a control.ctl.local file
> for users to easily add local hierarchies entries in that file. This will
> also make control.ctl updates afterwards easier for them.
Poorly run hierarchies are not always local, but the idea certainly has
merit of its own.
>> This isn't just an INN problem, but it should be addressed before trying
>> to change the way admins do things. Usenet isn't run by savvy folks at
>> workstations using command line tools and more, one of the reasons I
>> left SBC. It must cope with clueless admins and brain-dead management.
> If people still want to honour non-PGP-signed control articles, they will
> be able to.
> You're also right regarding documentation. It is not very clear up to now
> (especially regarding automation). I think I can make a whole-documented
> stuff for signcontrol.py since Python is perhaps easier to use on a Windows
> environment and so are interactive scripts.
> Besides, I also have Python interactive scripts to post a FAQ to
> news.admin.hierarchies, a list of groups to news.lists.misc and a summary of
> changes over the last weeks to the admin group of a hierarchy.
> I can document them and release them to public too.
> They are very easy to use (click and answer questions).
bill davidsen <davidsen at tmr.com>
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979
More information about the inn-workers