"Adam H. Kerman" <
a...@chinet.com> writes:
> chi.*, for instance, hasn't had a hierarchy administrator since Gerry
> Swetsky moved away. He never sent a newgroup message to start a new
> group that I recall, all groups were started before he was the
> administrator. But if a group were proposed, we were supposed to get
> together for an in-person meeting, probably called as Uniforum Chicago
> or a successor if it's still meeting. It was pretty informal and mostly
> an excuse to drink beer, if it ever happened. If people wanted a new
> group, Gerry would have sent a newgroup message.
The thing is, though is that none of this has happened. Even ten years
ago, legitimate unsigned control messages basically don't exist. So far
as I can tell, the last change to chi.* was Hipcrime sabotage that we had
to manually reverse because we still had this unauthenticated control
message policy. In fact, nearly all chi.* control messages that are
archived are abusive sabotage. Thankfully that hasn't happened since
2002, but if it happened again, it would be a giant mess and a huge pain
for me to clean up.
>> Historically, control.ctl has included entries for large numbers of
>> local, regional, and language hierarchies that predate control message
>> signing or that didn't go to the trouble of creating PGP keys and
>> setting up signing.
It turns out that I was probably wrong about this and David Lawrence
instead did tons of manual cleanup. There are a bunch of forged control
messages for chi.*, for example, from back when this was common.
> Unless any of the massive attacks included bogus newgroup messages in
> any of these hierarchies, why would they have bothered to have
> implemented authenticated control messages in the past?
With the above correction, I can note that this did happen, and yet they
still didn't implement authenticated control messages, unfortunately. I
suspect in most cases that's because these folks are no longer using
Usenet, and in most cases (such as with Gary Swetsky) no longer have the
email addresses that they were using to send these messages (and in some
cases may no longer be alive; it's been 30 years in many cases).
> I haven't reviewed the documents in years, but rone's unified
> control.ctl used to list a dozen local hierarchies with a note as to
> which institution or News server provider they were for. I thought once
> you took over the document, you purged them as they aren't Usenet, or
> you moved the list to hierarchy-notes.
I don't *think* I removed anything unless I could confirm that it was
defunct. But lots of these hierarchies are just unmaintained and in use
but not changing the newsgroup list.
I see that what I did for wpg.* was replace the entry with:
## WPG (Winnipeg, Manitoba, Canada)
#
# This hierarchy is still in use, but it has no active maintainer.
# Control messages for this hierarchy should not be honored without
# confirming that the sender is the new hierarchy maintainer.
I could do something similar for the others, which would avoid losing the
URL if it still works.
> Well, yeah. And I would request that you continue to treat them as
> "There is no problem to fix."
The problem with doing this from my perspective is that at any point it
could turn into a giant problem for me to fix, and should that happen, the
amount of time I'd have to spend on it would be way higher than the amount
of time it would take for me to prevent this proactively now.
> A lot of nearly dead hierarchies may still have a bit of discussion in
> the *.general or equivalent newsgroup. Let's leave the option that if
> there's an actual need to propose and create a new group, that there is
> no requirement to implement authenticated control messages without a
> need for it.
I think that's what my proposal does?
Removing them from control.ctl doesn't remove the newsgroups. It just
means no changes will be honored, and the existing newsgroup list will be
kept as-is. That seems fine? If someone wants to change it, they would
have to create a PGP key and set up some software to issue the control
messages, which is a bit higher of a bar, but in practice this seems to
happen rarely and I'm sure a bunch of people here would be happy to help
if it came up.