diff mbox series

[v2] overrides: clarify file contents and policies

Message ID 95bbf0af-99e9-edb3-5813-ec1e32f756da@ipfire.org
State Accepted
Headers
Series [v2] overrides: clarify file contents and policies |

Commit Message

Peter Müller Aug. 8, 2021, 4:37 p.m. UTC 
  This patch updates the disclaimer blocks at the beginning of the
override-*.txt files, to be more accurate and helpful to people wishing
to propose changes to them.

In addition, a remark regarding the A[1-3] country codes has been added.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    | 26 ++++++++++++++++----------
 overrides/override-a2.txt    | 20 ++++++++++++++------
 overrides/override-a3.txt    | 20 +++++++++++++++-----
 overrides/override-other.txt | 26 ++++++++++++++++++--------
 4 files changed, 63 insertions(+), 29 deletions(-)
diff mbox series

Patch

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 284c3e8..77d5b08 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -1,19 +1,25 @@ 
 #
 # override-a1 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/adresses
-# which are - in fact or with a high level of confidence - anonymous
-# proxies (special country code: A1).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for publicly available services for forwarding traffic anonymously, such as
+# VPN providers.
 #
-# Since it does not make sense to assign them to a county, they
-# will be flagged as "A1" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# actually make sense to assign these to a distinct country. Therefore, they will be flagged
+# as "anonymous proxies" in libloc query results.
 #
-# Although we do not consider them to be bad entirely, they might
-# be unwanted in certain scenarios.
+# For historical reasons, parts of IPFire's web interface use "A1" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
 #
-# Please note only long-living Tor relay providers with static IPs
-# are listed here, as the list of all Tor relays will be dynamically
-# generated by another script.
+# At the moment, major Tor exit relay providers are included here as well. They will be dropped
+# from this file in the future, as soon as bug #11754 has been solved and a list of Tor exit
+# relays is imported dynamically while compiling the database.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #
diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
index 502948f..223b4df 100644
--- a/overrides/override-a2.txt
+++ b/overrides/override-a2.txt
@@ -1,13 +1,21 @@ 
 #
 # override-a2 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# which are - in fact or with a high level of confidence - belonging
-# to satellite network providers (special country code: A2).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for customers or dial-in pools of satellite-based internet services.
 #
-# Since a satellite uplink connection is possible from almost
-# anywhere in the world, it does not make sense to assign them to a
-# specific country. They will be flagged as "A2" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# actually make sense to assign these to a distinct country, since a satellite connection is
+# possible from virtually any place in the world. Therefore, they will be flagged as "satellite
+# providers" in libloc query results.
+#
+# For historical reasons, parts of IPFire's web interface use "A2" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index d810d93..b07d4b8 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -1,12 +1,22 @@ 
 #
 # override-a3 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# which are - in fact or with a high level of confidence - believed
-# to be worldwide anycast instances (special country codes: A3).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for worldwide anycast services.
 #
-# It does not make sense to assign them to a certain country, they
-# will be flagged as "A3" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# make sense to assign these to a distinct country. Therefore, they will be flagged as "anycast"
+# in libloc query results.
+#
+# For historical reasons, parts of IPFire's web interface use "A3" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
+#
+# Please keep this file sorted.
 #
 
 aut-num:	AS69
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 045b515..d232fc6 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -1,14 +1,24 @@ 
 #
-# override-other [.txt]
+# override-a3 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# whose country information in corresponding RIR data is believed or proven
-# to be invalid or inaccurate and which do not match to one of the special categories
-# A[1-3].
+# This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate,
+# incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions,
+# while the majority covers country code assignments.
 #
-# Such networks might be legitimate (poorly maintained WHOIS data), shady
-# (networks owned by letterbox companies in offshore jurisdictions) or
-# hostile (faked RIR data in order to bypass location-based filtering).
+# The latter are crucial due to location-based firewalling or routing. Inaccurate country code assignments
+# therefore pose a security threat to these users, especially if being set intentionally to circumvent such
+# filters.
+#
+# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate
+# beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields
+# in RIR databases were never clarified in this conext.
+#
+# When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a
+# network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #