On Tue, Jul 7, 2015, at 07:47 PM, Zack Weinberg wrote:
The thing is, putting myself in the shoes of someone trying to investigate an incident, I think the distinction among "this relay has _never_ allowed any sort of exiting", "this relay _does_ allow exiting right now", and "this relay _did_ allow exiting at some point in the past but doesn't right now" is critical. More important than whatever its current policy is wrt any given port or IP address. Re-importing the entire descriptor archive therefore strikes me as "yeah, if that's what it takes, you should do that."
If someone only has an IP address for an incident but no exact time, they barely have the basis for a complaint, let alone something more formal like a prosecution. What is the relevance of the relay's status at any time other than that of the incident?
Moreover, when digging deeper, I would want to be able to know the exact exit policy at a specific time in the past, which I believe would entail having the entire descriptor history available anyway?
Karsten has already linked to the entire descriptor history - having that link as a footnote to Exonerator should suffice. We *are* trying to simplify here.
Respectfully, Geoff