Block unknown publishers with per-provider publisher policy #2527
Conversation
For providers that already have a known publisher, create a publisher policy that allows only the known publisher to publish advertisements for the provider.
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #2527 +/- ##
=======================================
Coverage 44.68% 44.68%
=======================================
Files 87 87
Lines 11007 11007
=======================================
Hits 4919 4919
Misses 5497 5497
Partials 591 591 ☔ View full report in Codecov by Sentry. |
| @@ -41,8 +41,105 @@ | |||
| "Policy": { | |||
| "Allow": true, | |||
| "Except": null, | |||
| "Publish": true, | |||
| "PublishExcept": null | |||
| "Publish": false, | |||
There was a problem hiding this comment.
Note: Setting "Publish": false, blocks all unknown publishers. This prevents an unknown publisher from publishing/signing advertisements for a provider that has a different peerID.
This also prevents ingesting ads from a new provider that has a different peerID, and such a publisher would need to notify the IPNI operators to explicitly allow the publisher. Existing providers will need to notify IPNI operators if they change their publisher's peer ID.
Please consider the administrative aspects of this before blocking unknown publishers.
For providers that already have a known publisher, create a publisher policy that allows only the known publisher to publish advertisements for the provider.
Depends on #2526
This is draft for now, to delay deploying it for until IPNI future is somewhat clearer.