|
On 8/2/19 5:15 PM, John Levine wrote: In article <20190802113501.GA8922@xxxxxxx> you write:On Wed, Jul 31, 2019 at 08:43:42AM -0400, Keith Moore wrote:IMO it is dangerous for IETF to be dependent on an externally-run platform that is subject to change at a whim.I strongly concur with this. The IETF should run its own repository, subject to its own policies/procedures/etc. Yes, that's more work, but it assures autonomy and it's much less work than frantically trying to adapt to a sudden change imposed by an external platform -- whose agenda is not the IETF's agenda.This sort of argument quickly runs down a rathole of hosting our own servers, generating our own power, and fabbing our own chips. No, I don't think so. - In my experience, outsourcing servers works very well and comes
with few compromises other than cost. I can run any software I
like on the servers I rent, and if I decide to do so, I can move
that software to other providers' servers fairly easily. I
assume the same is true for IETF. - There are usually not many ways of obtaining power in a
particular location, but at least power is fairly standardized in
an area (the same equipment runs no matter who supplies the power)
and regulated in such a way that prices are reasonable. In other
words, utility power is cheap enough in comparison to other ways
of generating that few customers find it advantageous to generate
their own power full-time. (This is changing somewhat due to the
reduced cost of photovoltaic panels. But as long as customers are
free to choose between utility power and self-supplied power [*],
the utilities will have to keep their prices competitive.) - It's a little hard to understand why we'd want to fab our own chips - unless perhaps all of the available chips have built-in back doors (which is rumored). Even then if we fabbed our own chips we'd still have to outsource some of that, which would make our own chips vulnerable to the same kinds of compromise. (and I realize you were trying to employ reductio ad absurdum
but the analogy simply does not hold.) I don't think the same applies to github. Use of github carries
several risks for IETF and its participants, including the risk of
lock-in to a provider that cannot be assured to act in either
IETF's or the Internet community's interests, and also risks to
the privacy of IETF participants who use it. Yes, a git repo
can be mirrored to other locations, and this might be part of the
solution, but it's not just the git repo that is being used. (I'm less concerned about the requirement that github follow
insane US laws; as you point out, so does IETF. And I share your
assessment of the difficulty of moving IETF to another country,
though it is probably something that should be examined from time
to time as the US becomes more and more hostile to the unfettered
exchange of information.) Keith [*] Granted, this is not true everywhere.
|
