[Ietf-and-github] AD review of draft-ietf-git-github-wg-configuration-05

Barry Leiba <barryleiba@computer.org> Fri, 07 February 2020 16:30 UTC

From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 7 Feb 2020 11:30:02 -0500
Message-ID: <CALaySJLuEDETWX6QTS4YmoqBPMf+7H+39cy9E5JYT=6f+8cY4A@mail.gmail.com>
To: draft-ietf-git-github-wg-configuration@ietf.org
Cc: ietf-and-github@ietf.org, git-chairs@ietf.org, caw@heapingbits.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-and-github/oM3GP2LJq9UeJrjNu8sK0tpYacM>
Subject: [Ietf-and-github] AD review of draft-ietf-git-github-wg-configuration-05

I’ve picked this document up as responsible AD, because Alissa is an
author on the document.  There’s one item in my review that I’d like
to have addressed before this goes out for last call; the rest don’t
need to block last call, but they should be easy to address.

Blocking comment:

— Section 2.4 —

   When a working group is closed, the team with administrative access
   would be removed and the owner list would be returned to its initial
   composition.

What “initial composition”?  The Secretariat and the ADs at the time
the organization was created?  That doesn’t make sense.  The
Secretariat and current ADs at the time of closing?  That’s not
“initial”.  Or do you have something else in mind?


The rest:

— Abstract —
Just a note here that the second paragraph should be removed before
publication.  I’ve put this in as an RFC Editor Note.

— Section 1 —

   proposals in this document, the functional requirements would need to
   be discussed with the IETF Tools Team, and the IETF Secretariat who
   would need to support various pieces of what is proposed herein.

Nit: the comma after “Tools Team” is misplaced, and should be after
“Secretariat” instead.

— Section 2 —

   For example, see
   <https://github.com/richsalz/ietf-gh-scripts> and
   <https://github.com/martinthomson/i-d-template> for working examples
   of automation that is in use in some working groups.

Two things here:

1. Nit: “For example … for working examples” is redundant; I suggest
starting the sentence with “See”.

2. I’m not sure that these URLs will stand the test of time, remaining
valid in an archival document.  On the other hand, having them here as
examples is certainly useful.  Perhaps we could archive them on an
ietf.com page, or perhaps the RFC Editor could do so on an
rfc-editor.com page?

   In this document the question of whether processes should be manual
   or automated is deliberately left ambiguous

“Ambiguous” isn’t the right word — it carries a connotation of
confusion.  I suggest “unspecified”.  And there needs to be a comma
after that word, whichever we choose.

— Section 2.2 —

   be able to run steps 3 and 4 from Section 2.1 so that the rest of the
   activities in this section such as personnel work the same for the
   organizations that were created on their own.

I find this awkward; I think it needs commas and a minor edit:

NEW
   be able to run steps 3 and 4 from Section 2.1 so that the rest of the
   activities in this section, such as personnel changes, work the same
   way as for organizations that were created as specified herein.
END

— Section 2.5 —

   o  Creating a new repository for an individual draft that is at the
      discretion of the WG chair;

What does “an individual draft that is at the discretion of the WG chair” mean?

— Section 4 —

   An attacker who can change the contents of Internet Drafts,
   particularly late in a working group's process, can possibly cause
   unnoticed changes in protocols that are eventually adopted.

Indeed, and so should we propose any mitigations?  Using a GitHub
instance that’s maintained and secured under ietf.org?  At the very
least we’ll need to rely on careful review during the publication
process, including verifying what changes were made at each step and
flagging questionable changes.  The text here should probably say
something more.

-- 
Barry