I feel more than willing to believe that patching/resolving the flaws may be a significant undertaking.
However, as super-whois says, I think it's respectful to members that they at least engage, and answer concerns, and clarify if the flaws or vulnerabilities are still there.
The last two large.uk name events (July 2019 and January 2020) for different reasons, the catching rate of a dominant party seems to have been about 20 times the rate of the regular and skilled domain catchers on average, hoovering up close on half of some categories of the most valued domains.
That is NOT equal access to domains.
Now sure, Nominet may focus their priorities on their top 4 registrars, because that's where most of their business and money lies, but surely small registrars and members have equal rights to expect a resilient system that provides fair and equal access. We don't even know if the flaw(s) still exist, because Nominet haven't said whether they do or not. In short, will yet another great .uk name dump be exploited by weaknesses in the operations of this cyber-security company? That's a fair concern, given past performance:
Will weaknesses in Nominet's rules and processes mean that history repeats itself in September 2020?
I think it's disrespectful for Nominet to just stay silent and detached on these voiced concerns. Disrespectful to legitimate, rule-abiding members. In my view it almost borders on arrogance.
It gives the impression that some members don't really matter enough to spend a few minutes explaining what's happened, why it's taken so long to resolve, and whether it's still a problem now.
Meanwhile we only have this name dump of about 1,300,000 .uk names next month because some important members (who clearly DO matter) were allowed to circumvent the RRA which applies to all, and do their own thing, regardless of the fact that the rules say registrars can't register domains unless registrants ask them to. Nominet provided the free registrations, knowing their big registrar 'friends' were likely to mass-register what - in the event - turned out to be over 2 million domain names.
My concern is more the future than the past, and we have what we have: over a million names that were supposed (in agreed process) to have dropped 14 months ago. And a process for registering them which, on past performance, is going to provide far from equal access. And people voicing concerns about that. And Nominet not replying.
Meanwhile we have directors who are employees of the huge registrars - and indeed a competing Registry - whose parent companies were involved in the hugely unproductive mass-registrations. Let's face it, the bottom line was that these 2 million+ 'ghost' registrants didn't renew because they just didn't want the domains, they never asked for them, they still haven't asked for them.
It was a misjudged policy that achieved minimal results for considerable negative PR. But there seemed to be a 'laissez-faire' attitude of letting valued big companies 'do their own thing', setting RRA rules aside and, arguably facilitating the process with promotions that made it all possible. To me there's a cultural issue here, which I've seen with ICANN, and Registries, and big tech companies - again and again: of too-close relationships between powerful interests, affording them influence, sway, and reciprocal financial benefits.
So as Aaron says, and I agree, the domain catching fraternity is a quite small and niche market in the overall picture of registrations. I suspect they are not Nominet's priority at all. Nevertheless, they have a right to expect systems and processes that are watertight, and equal access to the UK's namespace. They have a right to expect there are no conflicts of interest in the company's governance (not saying there is, I don't know, but I still think the very large registrars [and one now a Registry too] should be kept at arm's length from the company's operations).
And, like all members, they should expect to have their concerns, affecting their livelihoods, responded to in helpful detail.
and dealing with the large scale registrars which presumably take up more of their time than 50 people drop catching and registering 100 names a day between them i'm not surprised it hasn't been fixed yet.
