[NNTP] Revisiting POST as a separate capability

[Russ Allbery]

Clive D W Feather <clive at demon.net> writes:

> There's nothing technically inconsistent, no.

> However, we currently have two commands that do almost the same thing:
> POST and IHAVE. The only protocol-level difference (except that
> different response codes are used) is that the latter specifies a
> message-id on the command line and the former does not.

The difference in practice is that POST inserts trace information, while
IHAVE presumes that the remote host is trusted and modifies only the Path.
(I know you know this, but I want to make sure it's part of the
discussion.)

> The *reason* for having these two separate commands is, as we say, that
> one is intended to signal "new article" and the other "relayed
> article". The former is very unlikely to happen unless the client is
> also doing newsreading.

I don't think this is the case.  I can name a half-dozen processes just
off the top of my head that only need POST access to my server, not read
access, but are still posting new articles.  All of the moderators I
provide an injection point for, for example (although they're currently
using IHAVE, that's not completely correct in many cases).

> Yes, there's nothing inconsistent about POST without READER, but do we
> want to encourage it? I would suggest that we don't.

I don't think this constitutes encouragement, just making it possible.
After thinking about this for a while, I do think we should make it
possible (although it's not sufficiently important enough to me to argue
against a consensus if people disagree).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>