Update PR Template Requiring Abuse Contact for Subdomain Registry Requestors #2201
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wdhdev
reviewed
Oct 6, 2024
.github/pull_request_template.md
Outdated
|
|
||
| * [ ] This request is made for a subdomain registry service. Abuse contact information (email or web form) is available and easily accessible. | ||
|
|
||
| **URL where abuse contact or abuse reporting form can be found**: |
There was a problem hiding this comment.
Suggested change
| **URL where abuse contact or abuse reporting form can be found**: | |
| **Abuse contact email address or web form**: |
Maybe simplify it a bit
There was a problem hiding this comment.
Thank you for the suggestion @wdhdev ! The difference between URL where abuse contact or abuse reporting form can be found and Abuse contact email address or web form is subtle but somewhat important though.
- The original wording "URL where abuse contact or abuse reporting form can be found" aims to ask subdomain registry operators to provide a direct method on their website where internet users can report abuse. Ideally, anyone can easily reach the responsible party (i.e., the registry, a DDNS service, etc.) directly without relying on PSL to identify the abuse contact or forward abuse cases, which is not PSL’s role.
- For example, if someone finds that a user at
fake-bank.ip-dynamic.org(a subdomain managed by ClouDNS) is being malicious, they should be able to visitip-dynamic.org, identify that the domain belongs to ClouDNS, and find clear instructions on how to report abuse directly to ClouDNS. The feedback loop from discovering abuse to reporting it should be straightforward and transparent.
- For example, if someone finds that a user at
- On the other hand, the alternative phrasing, "Abuse contact email address or web form," could lead requestors to only submit an abuse contact email address to PSL but not make it publicly visible or accessible to their users. However, I believe the intention of this change is to allow internet users to directly report abuse to the registry's website where they can access a properly maintained contact method (email or web form).
That said, I’m open to any further suggestions on how we can make this clearer or more effective in practice!
There was a problem hiding this comment.
I agree, ignore this review then.
|
I suggest we simplify this by always requiring an abuse contact. |
|
The comments above the checkbox have been simplified |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To address the issue:
This PR introduces updates to the PR submission template to address the issue raised in #1813 concerning the accountability of subdomain registries and the need for abuse contact information.
The new requirements aims to require that requestors who operate subdomain registries provide easily accessible abuse contact information, such as an email address or a web form, which allows responsible parties to be contacted in the event of abuse or malicious activities.
cc @dnsguru @simon-friedberger