James Hess wrote:
The functionality is redundant. If you have IDENT ON, the entries by mask don't grant ops. If you have IDENT OFF, the individual channel operators can use their NickServ Access lists for this, and there is no need to list the mask on the channel itself.
In either case, in the present internet, it's a huge security risk, much larger than it was 16 years ago, and the AOP/SOP functionality has stayed basically the same all through this time, despite changes in the threat environment; present day prevalence of botnets, zombies, and proxies-for-hire, listing access by IP address is like hanging a "pwn me please" sign on your channel.
I disagree with you, just because someone may use it too widely or incorrectly doesn't mean it's a security risk to all channels. Static IPs do exist and people can have legitimate reasons to use them on AOP/SOP lists and we should let them do it if they so wish.
The default behavior at least should protect channels against simple spoofing, and not encourage insecure practices.
Furthermore, ChanServ SET IDENT is enabled by default so masks on AOP/SOP lists won't affect anything unless the founder specifically turns IDENT off. -Kobi.