--On Friday, July 11, 2025 12:33 +0100 Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:

> On 11/07/2025 00:44, Jay Daley wrote:
>> Hi John
>>
>> It's a public Trello board that does not require a login to
>> view. I just tested it to make sure.
>
> When I try read it, I get: "To use Trello, please enable
> JavaScript."

You got further than I did, with at least a hint that failure to enable scripts was the problem. I just got a message indicating the "board" requires login access to read.

> I allow-listed ietf.org with NoScript yonks ago, and recently had to
> add some cloudflare thing to get past the pre-login captcha (with a
> limit on the calling page being ietf.org which took quite a while to
> figure out) and now I have to add who knows who else to see the list
> of side meetings?

Same problem, only I think I'm still allowing some cloudflare thing only on a "temp trusted" basis rather than globally/permanently.

> /me unhappy, in particular with this most recent one where the
> putative benefit (joint editing of side-meeting roster to avoid
> conflicts) seems like only a tiny win at the cost of significant
> widening of the attack surface for all NoScript users.

Exactly

> I suggest looking for some other way to handle side meeting
> co-ordination with no or fewer bad side effects for next time.

Yep. See my note posted a few minutes ago.

To generalize a bit, I think we may be at the point when any decision to adopt (or implement) a tool that widens the attack surface for IETF participants should require a summary of what is being exposed and how and what alternatives might exist. That those summaries be public and readily available to the community. I'm not suggesting a mailing or any sort of formal community approval process that would make us permanent residents of a bikeshed. Just requiring that the "is this exposure really necessary" questions be asked and answered, with informal ways to question any sloppy analyses, might result in less exposure and better-thought-out tools. It would also help the IETF set a good example for the rest of the community, which I think would be A Good Thing.

best,
john