Hi Philip, On this point:
So, assuming for a moment that we cannot let 'third party' probes connect to the Atlas infrastructure, because we cannot trust the results, what would be the point of releasing the source? One is that somebody may want to run his own private copy of the whole Atlas system. But that is going to to be a lot of work setting it all up.
...
If we would allow third party probes to connect, but it ignore their results and not schedule any UDMs on those probes. Just publish the raw results somewhere. Would that be a net benefit to the community, or just a PR disaster waiting to happen?
I think you may be skipping a potential middle point here. Thinking back to RIPE 61, there were some folks who were offering to manufacture probes if the firmware were open-source. That seems to indicate that a "partnership" model might be viable, in which anyone can get the source code, but if a probe maker signs a contract with RIPE, then their probes can feed information into the real RIPE Atlas system. Having contracts would provide a way for RIPE NCC to get guarantees related to security, fraud, etc. A more open model might not be useless, either. After all, one can make much richer decisions based on data sources than "accept/ignore". As long as the data is source-tagged, then different sources can be compared for consistency, which would provide some validation that the probes aren't providing completely bogus data. Putting these two ideas together, it seems like you could enable two "classes" of data, "high assurance" from probes made by RIPE NCC and its partners, and "low assurance" from anyone else. Think of it as a "freemium" model -- it's cheap and easy for small-scale projects to feed into the "low assurance" class, but if you want to be a real contributor, do the work to get into the "high assurance" class. You could even provide additional features to "high assurance" sources (UDM access / management, say) as an incentive. --Richard