Re: [Ietf-and-github] RobWilton review of draft-ietf-git-using-github-05

Martin Thomson <mt@lowentropy.net> Mon, 16 March 2020 04:12 UTC

Date: Mon, 16 Mar 2020 15:12:26 +1100
From: Martin Thomson <mt@lowentropy.net>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, The IESG <iesg@ietf.org>, "draft-ietf-git-using-github@ietf.org" <draft-ietf-git-using-github@ietf.org>
Cc: "ietf-and-github@ietf.org" <ietf-and-github@ietf.org>, "git-chairs@ietf.org" <git-chairs@ietf.org>, Christopher Wood <caw@heapingbits.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-and-github/nOJY0vV1CXwKvFEp5dbmpNxOeto>

On Fri, Mar 13, 2020, at 23:03, Rob Wilton (rwilton) wrote:
>   I personally think that having a
> > backup is sensible.  At the same time, having a single account with access
> > to many repositories is a bit scary.
> [RW] 
> Hum yes, maybe having the Secretariat on all WGs is not a good choice.  
> Perhaps we should say that all ADs for the area should be owners rather 
> than just the responsible AD, and there must always be a minimum of 2 
> owners?  So, for the general area perhaps it would be the AD and the 
> Secretariat?
> 
> Obviously this would need to be aligned with the config draft.

I will raise the question with the WG, as it is not limited to this draft.  The -configuration draft has a broader net that includes the responsible AD, the ADs for the area, and the secretariat.

> [RW]
> My concern is less about losing the data (since that is being backed 
> up), but more about losing control of an account/organization that is 
> under the IETF's name.  I'm not sure what policies GitHub has for 
> recovering an account/organisation that one loses control over, but I'm 
> sure it would be a hassle, and embarrassing. 

I'm sure that the process is torturous.  I tagged some text on to other changes I'm making.  See https://github.com/ietf-gitwg/using-github/pull/52/commits/302feb524c457f10a3fea21dcee140bd5dc6218e

> FWIW: It is this sort of article that I am concerned about:
> https://nakedsecurity.sophos.com/2019/03/25/thousands-of-coders-are-leaving-their-crown-jewels-exposed-on-github/
> 
> Some of the contributors to IETF will be quite new to git/github etc, 
> so really it is about warning them about stuff they should be careful 
> to avoid.  Even a sentence or two in the security considerations might 
> help.

I think that this is a question of scope.  Personally, I think that's going a little outside the remit of the draft.  And I'd rather attack this particular problem with tools.

> FWIW, it is this sort of issue that I am concerned about:
> https://networkengineering.stackexchange.com/questions/44010/is-ipv10-a-joke-or-a-serious-rfc-draft

Ah, that old problem. :/

I don't think that we can help with that, other than avoiding paving the path to having something look official.  We've talked about having tools like xml2rfc produce different styling for individual drafts than is used for presenting "official" content on IETF-controlled servers.  That might help, though things progress very slowly on this front.