couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Issues blocking the 1.2.0 release
Date Wed, 22 Feb 2012 19:53:52 GMT
Let's roll #2! :)

Thanks Paul and everybody :)

Cheers
Jan
-- 

On Feb 22, 2012, at 20:47 , Paul Davis wrote:

> JSON patch is committed:
> 
> http://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commitdiff;h=ba271a70b83c6df16af43204c2ba9f4d5ca89711
> 
> On Wed, Feb 22, 2012 at 12:39 AM, Filipe David Manana
> <fdmanana@apache.org> wrote:
>> I think COUCHDB-1413 wouldn't hurt to have for 1.2.0, after all it's
>> about correct query results. 1.2.1 is also aceptable.
>> If no objections, I'll push the fix to 1.2.x as well.
>> 
>> On Tue, Feb 21, 2012 at 6:32 PM, Jason Smith <jhs@iriscouch.com> wrote:
>>> My reading of the JIRA ticket (FWIW) is that Paul explained pretty
>>> convincingly why this is only a minor bug if at all. For this release,
>>> Paul had a simple fix; although I do not see it in 1.2.x nor JIRA and
>>> don't recall offhand what it was exactly.
>>> 
>>> On Tue, Feb 21, 2012 at 10:50 PM, Robert Newson <rnewson@apache.org> wrote:
>>>> heh, actually I don't think we did.
>>>> 
>>>> On 21 February 2012 22:41, Paul Davis <paul.joseph.davis@gmail.com>
wrote:
>>>>> Did we fix the original JSON thing that started this whole broughaha?
>>>>> 
>>>>> On Tue, Feb 21, 2012 at 3:57 PM, Noah Slater <nslater@tumbolia.org>
wrote:
>>>>>> Thanks.
>>>>>> 
>>>>>> On Tue, Feb 21, 2012 at 9:46 PM, Jan Lehnardt <jan@apache.org>
wrote:
>>>>>> 
>>>>>>> On 21.02.2012, at 22:38, Robert Newson <rnewson@apache.org>
wrote:
>>>>>>> 
>>>>>>>> I resolved the ipv6 ticket as 'cannot reproduce' given that
two
>>>>>>>> committers have verified ipv6 replication with 1.2.x. Time
for round
>>>>>>>> 2?
>>>>>>> 
>>>>>>> +1
>>>>>>> 
>>>>>>> 
>>>>>>>> 
>>>>>>>> On 21 February 2012 21:11, Noah Slater <nslater@tumbolia.org>
wrote:
>>>>>>>>> Are we blocked on anything else? Are we good to go?
>>>>>>>>> 
>>>>>>>>> On Tue, Feb 21, 2012 at 7:21 PM, Jan Lehnardt <jan@apache.org>
wrote:
>>>>>>>>> 
>>>>>>>>>> Thanks guys, committed.
>>>>>>>>>> 
>>>>>>>>>> Noah, 1.2.0 is unblocked on this one.
>>>>>>>>>> 
>>>>>>>>>> On Feb 21, 2012, at 20:13 , Paul Davis wrote:
>>>>>>>>>> 
>>>>>>>>>>> +1 on the patch to require admin for _changes.
>>>>>>>>>>> 
>>>>>>>>>>> On Tue, Feb 21, 2012 at 3:36 AM, Jan Lehnardt
<jan@apache.org> wrote:
>>>>>>>>>>>> *nudge*
>>>>>>>>>>>> 
>>>>>>>>>>>> I don't feel very confident with a single
opinion (thanks Robert),
>>>>>>> and
>>>>>>>>>> would love your input on this one.
>>>>>>>>>>>> 
>>>>>>>>>>>> Cheers
>>>>>>>>>>>> Jan
>>>>>>>>>>>> --
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> On Feb 16, 2012, at 16:12 , Jan Lehnardt
wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> On Feb 14, 2012, at 13:14 , Noah Slater
wrote:
>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Devs,
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Please outline:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>  - What remains to be fixed for regression
purposes
>>>>>>>>>>>>> 
>>>>>>>>>>>>> I want to bring up one more thing (sorry
:).
>>>>>>>>>>>>> 
>>>>>>>>>>>>> /_users/_changes is currently end-user
readable. While
>>>>>>>>>> /_users/_changes?include_docs=true will not fetch
docs the requesting
>>>>>>> user
>>>>>>>>>> doesn't have access to, it still gets all doc ids
in the /_users db and
>>>>>>>>>> thus easily can generate a list of all users.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> I'd like to propose to make /_user/_changes
also admin-only before
>>>>>>> we
>>>>>>>>>> ship 1.2.0. Again, I'm happy to revisit and make
things configurable
>>>>>>> down
>>>>>>>>>> the road.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Note that the information that a particular
user is registered is
>>>>>>>>>> leaked (a user can't sign up with a username that
is already taken,
>>>>>>> from
>>>>>>>>>> that it can be deduced that that particular username
is already
>>>>>>>>>> registered). This is in line with most signup systems.
Making
>>>>>>>>>> /_users/_changes admin-only doesn't prevent all leakage
of what users
>>>>>>> have
>>>>>>>>>> signed up, but it stops bulk-leakage of *all* users
in one swoop.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> What do you think?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Cheers
>>>>>>>>>>>>> Jan
>>>>>>>>>>>>> --
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Iris Couch
>> 
>> 
>> 
>> --
>> Filipe David Manana,
>> 
>> "Reasonable men adapt themselves to the world.
>>  Unreasonable men adapt the world to themselves.
>>  That's why all progress depends on unreasonable men."


Mime
View raw message