Re: [Tools-discuss] [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?

Robert Sparks <rjsparks@nostrum.com> Sun, 01 August 2021 17:39 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: tools-discuss@ietfa.amsl.com
Delivered-To: tools-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DD8C3A0C86 for <tools-discuss@ietfa.amsl.com>; Sun, 1 Aug 2021 10:39:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.08
X-Spam-Level:
X-Spam-Status: No, score=-2.08 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gMEiAkep7yfG for <tools-discuss@ietfa.amsl.com>; Sun, 1 Aug 2021 10:39:01 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAC8A3A0C81 for <tools-discuss@ietf.org>; Sun, 1 Aug 2021 10:39:00 -0700 (PDT)
Received: from unformal.localdomain ([47.186.34.206]) (authenticated bits=0) by nostrum.com (8.16.1/8.16.1) with ESMTPSA id 171HcxCg039929 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for <tools-discuss@ietf.org>; Sun, 1 Aug 2021 12:38:59 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1627839540; bh=4L7bXoGBDgD0M9rbu7DtKWg+4nrRQBUY2Tvh2GTF2Gw=; h=Subject:To:References:From:Date:In-Reply-To; b=RI8JcJUXDVK7j6Whyt/93dMO4sQ1Y1DT4i1jSRXAyf86gQe+i8hVDpXg8nE1kMP3e s3/SXxepB2XDD6ZmKSr3zdjZbbYGHb0LhVa4/5A7Vs/eIuLjL2I+TyV8WtvH/7/aSD XrsV9Bzia7WysMb5DweqWfRyttIolHuw/IYUlqrI=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.34.206] claimed to be unformal.localdomain
To: tools-discuss@ietf.org
References: <8a1018d3-62da-a740-72d6-bb370af71a9e@joelhalpern.com> <20210731193455.C04E625657CF@ary.qy> <7A01A718-246F-4DFD-B522-EC4D7C945199@akamai.com> <72755DA5-56E8-4DF9-A2B6-2BBDD315094A@tzi.org>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <05a2506a-2568-0acd-afe1-951c77d40141@nostrum.com>
Date: Sun, 1 Aug 2021 12:38:54 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <72755DA5-56E8-4DF9-A2B6-2BBDD315094A@tzi.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tools-discuss/f-TTeNtTB19Io70css5W-FuP0UI>
Subject: Re: [Tools-discuss] [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?
X-BeenThere: tools-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Tools Discussion <tools-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tools-discuss>, <mailto:tools-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tools-discuss/>
List-Post: <mailto:tools-discuss@ietf.org>
List-Help: <mailto:tools-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tools-discuss>, <mailto:tools-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Aug 2021 17:39:06 -0000

Would it be too large a step to make the sitewide default for new notes 
be "editable"?

Notes that need a lower bar (allowing anonymous access) for some reason 
could go explicitly change the setting.

RjS

On 8/1/21 10:47 AM, Carsten Bormann wrote:
> OK, so the summary of the 111attendees discussion is that we don’t want unauthenticated write access to meeting notes.  Less well-discussed is that the authorization rule is that anyone with a datatracker account has write access, but I think that implementing anything more granular (e.g., attendee status for the meeting that generated the minutes) would be actual work.
>
> The authorization rule seems to correspond to CodiMD’s “editable”, which is therefore the setting we should choose for meeting notes.  Whether we can do that automatically from the place where the meetings are assigned codimd names or have to do this manually is then a procedural thing to be discussed on tools-discuss.
>
> Grüße, Carsten
>
> ___________________________________________________________
> Tools-discuss mailing list - Tools-discuss@ietf.org
> This list is for discussion, not for action requests or bug reports.
> * Report datatracker and mailarchive bugs to: datatracker-project@ietf.org
> * Report tools.ietf.org bugs to: webmaster@tools.ietf.org
> * Report all other bugs or issues to: ietf-action@ietf.org
> List info (including how to Unsubscribe): https://www.ietf.org/mailman/listinfo/tools-discuss