couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <randall.le...@gmail.com>
Subject Re: [VOTE] Apache CouchDB 1.2.0 release, first round
Date Fri, 10 Feb 2012 20:06:38 GMT
On Feb 9, 2012 6:09 PM, "Randall Leeds" <randall.leeds@gmail.com> wrote:
>
> On Thu, Feb 9, 2012 at 17:48, Jason Smith <jhs@iriscouch.com> wrote:
> > Hi, Noah. When I saw it hit Git, I realized it was a breaking change,
> > and I asked around. If memory serves, Randall happened to be on at the
> > time and he asked me the same question you just did. I said I never
> > saw an RFC email and that's when he realized it was not done publicly.
>
> I was aware the entire time, but I think the motivation is sound and
> it needed to be done. A couple committers spoke up to say we didn't
> think it was sensitive enough to warrant the private discussion but
> ultimately there was broad consensus on the implementation and the
> change itself. One of those (let us all celebrate) extremely rare
> times where there wasn't opportunity for broad community input.
>
> Creating a view on _users that pulls the relevant parts of a user
> document out is the way forward for public profiles, I think.
> If someone would write a blog post showing how that works it'd be
> great. In retrospect this would have been a great thing to do weeks
> ago. Lesson learned.

Just to be clear I don't want to dismiss your concerns. If you believe this
needs a config option rather than just documentation now is a good time to
speak up loudly since the vote was aborted.

>
> Now to test!
>
> -R
>
> >
> > I am pleased and grateful for the 1.2 release. It's remarkable! I'll
> > simply remind the community, don't email a plus-one just because the
> > unit tests pass. Install your application! Test your application! If
> > you use _users in your Couch app, this will be the most significant
> > breaking change since the 0.9 release.
> >
> > On Fri, Feb 10, 2012 at 8:25 AM, Noah Slater <nslater@tumbolia.org>
wrote:
> >> Did you bring this up on the RFC thread or in private, Jason?
> >>
> >> On Fri, Feb 10, 2012 at 1:16 AM, Jason Smith <jhs@iriscouch.com> wrote:
> >>
> >>> On Fri, Feb 10, 2012 at 7:52 AM, Noah Slater <nslater@tumbolia.org>
wrote:
> >>> > Hello,
> >>> >
> >>> > I would like call a vote for the Apache CouchDB 1.2.0 release, first
> >>> round.
> >>>
> >>> Documents in the _users database are no longer publicly readable.
> >>>
> >>> I understand that there was no public RFC about this due to its
> >>> security implications?
> >>>
> >>> Iris Couch users have been running the 1.2.x beta builds for a few
> >>> ekes and this is the top point of feedback. People have to rewrite
> >>> their Couch apps, in particular because most of Chris's projects and
> >>> examples uses _user to keep public profiles (nickname, Gravatar URL,
> >>> etc.).
> >>>
> >>> I suppose this is old news. The decision is good. It's a documented
> >>> breaking change. Fine. I hope there isn't blowback though.
> >>>
> >>> --
> >>> Iris Couch
> >>>
> >
> >
> >
> > --
> > Iris Couch

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message