#20886 closed task (implemented)

Track expiring approved-routers.conf entries from 2006 to 2015

Reported by: dgoulet Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/DocTor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We are about to remove the 4273 entries of the approved-routers.conf from the dirauth-conf git repository. Those entries are all fingerprints dating from 2006 to the end of 2015.

This commit is to track those with the tracked_relays.cfg module of DocTor.

Change History (5)

comment:1 Changed 19 months ago by dgoulet

Status: new → needs_review

comment:2 Changed 19 months ago by arma

David: not that this is super critical, but, why remove old fingerprints? Removing old IP addresses makes a lot of sense, since they could be reused for totally different new people.

But a fingerprint that was a bad relay isn't the same. Nobody is going to accidentally reuse that key on a new relay.

Is it just a performance thing on the directory authorities? I don't think that's been critical path so far.

Or is it a cleanliness thing for the dir auth operators? I could get behind that I guess. But I want us to be sure we know what we're getting and not getting here.

comment:3 in reply to:  2 Changed 19 months ago by dgoulet

Replying to arma:

> David: not that this is super critical, but, why remove old fingerprints? Removing old IP addresses makes a lot of sense, since they could be reused for totally different new people.
>
> But a fingerprint that was a bad relay isn't the same. Nobody is going to accidentally reuse that key on a new relay.

True.

> Is it just a performance thing on the directory authorities? I don't think that's been critical path so far.
>
> Or is it a cleanliness thing for the dir auth operators? I could get behind that I guess. But I want us to be sure we know what we're getting and not getting here.

Main point is cleaning old entries. That approved-routers file is above 4000 lines and shouldn't be the place for an "archive" imo, and most of those entries have very little context on why they were blocked or which IP they were linked to.

So, I don't see the point of keeping them around in that file. We should keep our configuration tidy and have a side database to track more things which incidentally someone started working on in the bad relay world! :).

comment:4 Changed 19 months ago by atagar

Sorry it's taking me a while to get to this. I'll aim to merge and get this out tomorrow.

comment:5 Changed 19 months ago by atagar

Resolution: implemented
Status: needs_review → closed

Merged, thanks David! Feel free to reopen if you need anything else.