On 4 Jan 2024, at 18:55, denis walker <ripedenis@gmail.com> wrote:
"Is it time to discuss redesigning (parts of) the RIPE Database?”
IMO, no. Your question is a bit like asking what colour the new carpets should be while the house is on fire. :-) The first priorities should be to plug the security issue(s), secure the exposed LIR accounts and do an audit/impact analysis. Discussions about next steps can wait until these have been done. Those next steps may well include a redesign of the RIPE database. Though I think other things would need attention before that: revising the RIPE Access requirements, introducing 2FA, assessing the report about the latest breach, etc. It seems premature to debate changes to the database when it’s not yet clear what needs to be done. That may well be clear to you Denis. But perhaps your thoughts will need a reassessment in light of this security breach.