couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <>
Subject Re: [VOTE] Apache CouchDB 1.2.0 release, first round
Date Fri, 10 Feb 2012 02:09:06 GMT
On Thu, Feb 9, 2012 at 17:48, Jason Smith <> wrote:
> Hi, Noah. When I saw it hit Git, I realized it was a breaking change,
> and I asked around. If memory serves, Randall happened to be on at the
> time and he asked me the same question you just did. I said I never
> saw an RFC email and that's when he realized it was not done publicly.

I was aware the entire time, but I think the motivation is sound and
it needed to be done. A couple committers spoke up to say we didn't
think it was sensitive enough to warrant the private discussion but
ultimately there was broad consensus on the implementation and the
change itself. One of those (let us all celebrate) extremely rare
times where there wasn't opportunity for broad community input.

Creating a view on _users that pulls the relevant parts of a user
document out is the way forward for public profiles, I think.
If someone would write a blog post showing how that works it'd be
great. In retrospect this would have been a great thing to do weeks
ago. Lesson learned.

Now to test!


> I am pleased and grateful for the 1.2 release. It's remarkable! I'll
> simply remind the community, don't email a plus-one just because the
> unit tests pass. Install your application! Test your application! If
> you use _users in your Couch app, this will be the most significant
> breaking change since the 0.9 release.
> On Fri, Feb 10, 2012 at 8:25 AM, Noah Slater <> wrote:
>> Did you bring this up on the RFC thread or in private, Jason?
>> On Fri, Feb 10, 2012 at 1:16 AM, Jason Smith <> wrote:
>>> On Fri, Feb 10, 2012 at 7:52 AM, Noah Slater <> wrote:
>>> > Hello,
>>> >
>>> > I would like call a vote for the Apache CouchDB 1.2.0 release, first
>>> round.
>>> Documents in the _users database are no longer publicly readable.
>>> I understand that there was no public RFC about this due to its
>>> security implications?
>>> Iris Couch users have been running the 1.2.x beta builds for a few
>>> ekes and this is the top point of feedback. People have to rewrite
>>> their Couch apps, in particular because most of Chris's projects and
>>> examples uses _user to keep public profiles (nickname, Gravatar URL,
>>> etc.).
>>> I suppose this is old news. The decision is good. It's a documented
>>> breaking change. Fine. I hope there isn't blowback though.
>>> --
>>> Iris Couch
> --
> Iris Couch

View raw message