Maybe I’m missing something here, but I thought the relay and the block producer are being split for a good reason - the block producer can be isolated, should not be advertised and should be only known to the relay.
With that in mind, when looking at some pool setup instructions recently, I could see that people seem to update the topology files using the topologyUpdater script, which uses the API at api.clio.one. While the team behind that site might have good intentions, there are some concerns about how those updates work and how secure that system is. For example:
- The API registers the IP of the requesting client - it is not clear how that data is collected and used (and that might not be an IP of an actual relay).
- If the topology is not only fetched, but also pushed (which seems to be the default setting), it sends along the IP of the block producer - why would that be needed?
- If the domain changes hands (which might not be noticed, considering that it uses whois privacy) or is just exploited (which might happen due to misconfigurations, for example), what would stop someone from distributing a rogue topology (such as one pointing to unreachable IPs or to IPs which are targeted for DDoS)?
Could anyone clarify?
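One local safeguard for the rogue-topology concern raised above, as an added example that is not part of the original post or of the topologyUpdater script: vet a fetched topology before installing it on the relay. The `Producers` list with `addr`/`port`/`valency` keys, the function name `vet_topology` and all sample addresses are assumptions made for illustration.

```python
import ipaddress
import json

def vet_topology(raw, block_producer_ip, pinned, max_peers=20):
    """Split a fetched topology into (accepted, rejected) peer entries.

    pinned: addresses the operator trusts (own relays); always kept.
    Layout {"Producers": [{"addr", "port", "valency"}]} is assumed.
    """
    accepted, rejected = [], []
    bp = ipaddress.ip_address(block_producer_ip)
    for peer in json.loads(raw).get("Producers", []):
        addr, port = str(peer.get("addr", "")), peer.get("port")
        if type(port) is not int or not 1 <= port <= 65535:
            rejected.append((addr, "bad port"))
            continue
        if addr in pinned:
            accepted.append(peer)
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            # A hostname cannot be checked offline; keep only pinned ones.
            rejected.append((addr, "unpinned hostname"))
            continue
        if ip == bp:
            rejected.append((addr, "block producer address"))
        elif not ip.is_global:
            rejected.append((addr, "not globally routable"))
        elif len(accepted) >= max_peers:
            rejected.append((addr, "over peer cap"))
        else:
            accepted.append(peer)
    return accepted, rejected

# Constructed sample of a fetched file; none of these values come from the post.
SAMPLE = json.dumps({"Producers": [
    {"addr": "8.8.8.8", "port": 3001, "valency": 1},
    {"addr": "10.0.0.5", "port": 3001, "valency": 1},
    {"addr": "198.51.100.10", "port": 3001, "valency": 1},
    {"addr": "relay.example.org", "port": 3001, "valency": 1},
    {"addr": "relay1.example.net", "port": 3001, "valency": 1},
    {"addr": "8.8.4.4", "port": 70000, "valency": 1},
]})

if __name__ == "__main__":
    ok, bad = vet_topology(SAMPLE, "198.51.100.10", {"relay1.example.net"})
    print("keep:", [p["addr"] for p in ok])
    print("drop:", bad)
```

These checks cannot tell whether a public address is actually a relay or an unwilling target, so a large change relative to the previous file still deserves a manual look.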