[20818] in Athena Bugs
Re: clearcerts vs. clear-netscape-password, etc.
daemon@ATHENA.MIT.EDU (John Hawkinson)
Thu Sep 26 15:49:25 2002
Date: Thu, 26 Sep 2002 15:49:20 -0400
From: John Hawkinson <jhawk@MIT.EDU>
To: "t. belton" <tbelton@MIT.EDU>
Cc: bug-infoagents@MIT.EDU, web-agents@MIT.EDU, netscape-release@MIT.EDU
Message-ID: <20020926194920.GR1586@multics.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.33L.0209261119190.19002-100000@iphigenia.mit.edu>
Todd: Buried at the end is one important thing. Just so you don't miss it.
t. belton <tbelton@MIT.EDU> wrote on Thu, 26 Sep 2002 at 11:39:03 -0400 in
<Pine.GSO.4.33L.0209261119190.19002-100000@iphigenia.mit.edu>:
> cc: <bug-infoagents@MIT.EDU>, <web-agents@MIT.EDU>,
><netscape-release@MIT.EDU>
Well, the scope certainly has increased. Is that really necessary,
particulary to include netscape-release on issues specific to
Athena?
> I agree that the names are still a little 'suboptimal.' On the other hand,
> and I cannot stress this enough, the user is supposed to be running those
> clear-certs scripts only when specifically told to do so by a help staffer
> or other guru.
I think this is somewhat impractical.
Firstly, a lot of users are familiar with "clear-netscape-password" and
may recommend it to other users, etc.
The OLC stock answers recommend "clear-netscape-password", "If you've having trouble with getting websis certificates to work."
Various consultants and SIPB members, etc. frequently recommend those
scripts.
I don't think that most consultants, SIPB members, or "gurus" are
really aware of how this interacts with Mozilla. I don't see any
reasonable documentatin having been promulgated, no mail messages
to cfyi@mit.edu ,etc.
> They are very destructive scripts.
While that's perhaps true in the outside world, it's untrue
in the MIT environment where certificates are disposable. So we
should re-evaluate any decisions based on the premise of high
> destructability.
> In fact I believe most users never poke around in those parts of
> infoagents to see what's what, nor should they. (Let's put it
> another way: I sure hope they don't. No user-serviceable parts
> inside.)
It seems a bad idea to rely on users not "poking around" inside lockers.
That's what curious users do, and they should be encouraged.
> The Mozilla 'clearcerts' script has a different purpose. It is meant
> to remove all traces of old, converted 4.x certificates BEFORE
> applying for new ones under Mozilla. They can interfere with getting
> the new certs to work properly. This script, too, has had some
> arguments about its name.
Ah. This new purpose was not clear to me. Where's it documented?
Perhaps we should fix the bug in Mozilla that makes it necessary? ;-)
> I can change the name of the Netscape one but too many people have already
> gotten in the habit of thinking about it as 'zap-certificates.' I can
> change the name of the Mozilla one, but we just spent a couple of days
> agreeing on the name we have!
I think you have two scripts with different functions that are named
far too similarly and will be used for the same function. You need to
reoslve that ambiguity.
> I think I would rather leave them as they are and just try to teach
> everyone once and for all what they do and why they do it. And when to
> leave them alone.
Well, you need to figure out how you're going to teach, and you need
to document a lot better than infoagents ever has. I think this is
fundamentally intractable, and you'll need to resign yourself to people
expecting things to keep working as they have.
> P.S.: 'clear-netscape-password', the old and very uninformative name for
> 'zap-certificates,' has not existed in infoagents for quite a while. I may
> have some stale symlinks to it; I'll check for them.
===> WHOA!!!
Hold the phone! Breaking backward compatibility is _not_ OK.
Most people are not aware of "zap-certificates," and most documentation
has _not_ been updated to reference it.
Please bring it back ASAP, before people lose hard because of it being gone.
I don't think it is ever good idea to remove old names like this, but if
you must, please take a phased approach of finding all references to the
old name, changing them, announcing the name transition, and removing the
old name perhaps a month later.
--jhawk
