Dear Denis, Thank you for your request. Please allow me some time to look into this matter. I will provide you and the list with my comment next week. Kind regards, Athina Fragkouli Head of Legal RIPE NCC On 14/04/16 13:31, denis wrote:
Hi Piotr
On 14/04/2016 08:41, Piotr Strzyzewski wrote:
On Thu, Apr 14, 2016 at 01:07:01AM +0200, denis wrote:
Denis
You really are barking up the wrong tree here.
Nice try, but you misinterpret my intentions.
This is a very condescending remark.
On 14/04/2016 00:31, Piotr Strzyzewski wrote:
On Thu, Apr 14, 2016 at 12:00:45AM +0200, denis wrote:
Denis
Taking your arguments stated above, I once again (this time more clear) say that rolling back the change to allow changes to the PERSON object name would _not_ have fixed the problem.
Maybe not, but it would have been a harmless change. Your action has
This change has been discussed and expected in this community at least from the year 2000.
For a start this database with this (broken) data model did not exist in 2000. It was released to production in April 2001.
Which do not proof that there was no desire/discussion/need for change of the person name even earlier:
https://www.ripe.net/ripe/mail/archives/db-wg/2001-January/001512.html
And has been checked by You in 2014 with RIPE NCC's
legal team. I haven't seen any technical, legal, procedural (nor any other) objections raised by You under issue 221 (https://github.com/RIPE-NCC/whois/issues/221). What has changed during last 1.5 year?
Issue 221 was about changing the PERSON object name. It was agreed by the RIPE NCC legal team that they saw no problems at that time. What has changed is that you have now identified a hijacking issue. Rolling back that change would have prevented 'easy' hijacking by simply changing the name of an unmaintained PERSON object to your name. By locking the objects they now have to 'get' ID in that name. As you pointed out that seems to be easy, although I have no idea how to do something like that.
The hijacking issue was there for years. I'm just surprised that it was not raised by you during the discussion of issue 221.
Again this is another condescending remark. You imply that I should know everything at all times. If you knew about this hijacking issue that you say has been around for years, then as a co-chair of this working group why did you not mention it at the time?
You seem to be determined to 'prove' I am wrong suggesting rolling back the name change would fix this issue. But you don't seem to accept that the action you have taken has also NOT fixed the problem but caused many more serious problems.
Please refrain from suggesting that I have done something.
The whole tone of this thread is one of attack and aggression towards me. You are not discussing the issues but you are discussing me. You are relentlessly pursuing my comments and looking back in history to prove me wrong, instead of trying to move forward. You are doing exactly what you accuse me of.
Moreover, keep saying the mantra about causing many more serious problems is neither the proof of this thesis nor the solution to anything. If you know/see something which could seriously improve the quality of the data, security model, business rules, etc, just bring it on the table.
Sorry but you are missing the point here. It is not a thesis and I have stated the serious problem. I was part of the Data Protection Task Force many years ago. I spent a lot of time with the RIPE NCC's lawyers discussing the data protection issues around the RIPE Database.
The action you have taken HAS already created a data protection issue. There are now about a million personal data sets in the database that the data subjects cannot change. The RIPE NCC has stated it will not unlock any of these objects as they cannot be sure who they refer to. The RIPE NCC, as Data Controller of this database has a million personal data sets in their database that they cannot assert contain accurate data and they have prevented the data subjects from updating their personal data. The RIPE NCC also, even as Data Controller, cannot do anything to fix or replace these personal data sets.
Now I will bring some suggestions to the table to fix this issue. First I would like the RIPE NCC legal team to review this situation and publish to this list their considerations. Secondly I suggest the RIPE NCC unlocks these objects, as it makes no difference to the hijacking situation that you say has been around for years anyway. Third I suggest the RIPE NCC aggressively pursues the members who reference these unmaintained personal objects and pushes them to either maintain them or replace them.
Finally I would say that for an issue that the DB WG co-chairs have known to have been around for many years, I don't see why it needed a secret, back room discussion and a sudden announcement that the RIPE NCC has locked a million objects without any community discussion.
As I am not receiving the emails in this discussion from the DB WG mailing list, I think you may have already blocked them. So I have cc'd Athina directly for a legal comment.
cheers denis
Piotr