On Mon, Jan 4, 2010 at 5:36 PM, Kobi Shmueli <kobi@dal.net> wrote:
I disagree with you, just because someone may use it too widely or incorrectly doesn't mean it's a security risk to all channels. Static IPs do
I believe it's probably a security risk to most channels that try to use it. Services' online documentation doesn't explain to users the actual differences and side-effects of placing a mask VS placing a nickname on the AOP or SOP list. No amount of "some users have static IPs" justify SOp patterns like *!*sopusername@*.ipt.aol.com And yet, those sorts of patterns have been popular at times (in my estimation). It's easy to make poor decisions, when the documentation doesn't make the implications of certain decisions obvious. Different people arrive at a different understanding of services' features. A consistent, user-friendly interface is often better, than one that provides more features in an inconsistent way.
exist and people can have legitimate reasons to use them on AOP/SOP lists and we should let them do it if they so wish.
Can you explain what it is about your use case, that prevents a NickServ access list from being used instead of a mask on the SOp list? There actually is just 1 use case, where listing by mask in the SOp or AOp list is superior... in a SOP list you can specify nickname!*username@*.host.com In a NickServ access list, you can only specify username@*.host.com (**I suggest that should be changed also, so that you cannot be ACC 2 for ChanServ purposes to a nickname that you are not currently using) Keeping in mind, the NickServ access list can be serviced more easily. For example, if the user's static IP changes, they can delete the entry, without waiting a few days for the founder to come by and fix it. Listing the nickname in the ChanServ list provides better accountability, than a huge list of masks, 3 years ago, when nobody remembers which OP each mask belongs to.
Furthermore, ChanServ SET IDENT is enabled by default so masks on AOP/SOP lists won't affect anything unless the founder specifically turns IDENT off.
Yes... I suppose they may give up with masks in frustration and try nickname.. or keep tinkering around with the settings until they figure out about this strange 'IDENT' setting, and how it's "stopping their ops from getting opped" (for some reason) -- -J