See Comments On 5/26/2010 5:15 PM, Kobi Shmueli wrote:
Coca Cola wrote:
1) +S should be available only for channel opers connected through SSL (In a case of a new channel with one single chanoper).
I agree with that. I don't get it. How did DALnet implement the +S channelmode? It sounds like they deviated from what everyone else to my knowledge does with this mode. We researched this heavily 5 or 6 years ago when we implemented it and.. back then there were not many SSL capable networks out there... less than a dozen for sure. To my knowledge, all that have implemented some form of SSL only user restriction have followed the same rules we followed. I think we may have gone just a bit further, but not by much. I need to look at it more in depth.... I am just very busy these days.
2) +S should be available for use ONLY if ALL users in the channel are connected through SSL.
How do you suggest we enforce that? Easily. No SSL no join.
3) Invites should NOT over-ride +S and if for any reason someone non-ssl joins, S mode should be removed by the server.
I agree with the /invite part and I also think the +I list shouldn't bypass it either. As for the second part, I don't really see the point if servers will only allow SSL users to join.
The whole point for some of us coding +S into Bahamut with SSL was to prevent anyone NOT using SSL from joining the channel. -Period- There are a certain subset of users that want it that way, for whatever reasons.. not for me to decide. [on Freequest] when we created these modes it was simple.... if your NOT using SSL you are -NOT- getting in. The only exception to this was being an oper or a service. We were early adopters of SSL and had to learn all of this the hard way. In short, I can't see what the point of having an SSL only channel mode (if this is what it is) that does not prevent non-SSL clients from joining. Hence the above question.... what did DALnet do differently from virtually everyone else?
4) No exceptions/overrides for /samode. (Perhaps only ulines should override it but at as far as i know ircservices at least "enforce" the mode and kicks out non-ssl users).
I disagree with that, /samode and /sajoin should be able to bypass these restrictions. We never prevented this either, and because we want services/opers to chase into +S channels as well. Like it or not users do incredibly dumb things and opers/admins have to gain entry to stop whatever crap users are doing that are a detriment to the network or -other- networks.... be it flooding, operating botnets, etc. Disallowing this gives botnet operators a free ride... I can pretty much say for certain that it won't happen on any network... or let me put it this way - any network that is managed with anyone that has common sense. I have seen some stuff in my many, many years out here.
But, this is DALnet.. and you guys do what you will :) On another note, thanks for finally putting SSL support in..... makes life easier when merging back :) Although it does appear I have to fix some things still. -Mark
-Kobi. _______________________________________________ DALnet-src mailing list DALnet-src@lists.dal.net https://lists.dal.net/mailman/listinfo/dalnet-src