couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Davis <paul.joseph.da...@gmail.com>
Subject Re: Issues blocking the 1.2.0 release
Date Wed, 22 Feb 2012 19:47:11 GMT
JSON patch is committed:

http://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commitdiff;h=ba271a70b83c6df16af43204c2ba9f4d5ca89711

On Wed, Feb 22, 2012 at 12:39 AM, Filipe David Manana
<fdmanana@apache.org> wrote:
> I think COUCHDB-1413 wouldn't hurt to have for 1.2.0, after all it's
> about correct query results. 1.2.1 is also aceptable.
> If no objections, I'll push the fix to 1.2.x as well.
>
> On Tue, Feb 21, 2012 at 6:32 PM, Jason Smith <jhs@iriscouch.com> wrote:
>> My reading of the JIRA ticket (FWIW) is that Paul explained pretty
>> convincingly why this is only a minor bug if at all. For this release,
>> Paul had a simple fix; although I do not see it in 1.2.x nor JIRA and
>> don't recall offhand what it was exactly.
>>
>> On Tue, Feb 21, 2012 at 10:50 PM, Robert Newson <rnewson@apache.org> wrote:
>>> heh, actually I don't think we did.
>>>
>>> On 21 February 2012 22:41, Paul Davis <paul.joseph.davis@gmail.com> wrote:
>>>> Did we fix the original JSON thing that started this whole broughaha?
>>>>
>>>> On Tue, Feb 21, 2012 at 3:57 PM, Noah Slater <nslater@tumbolia.org>
wrote:
>>>>> Thanks.
>>>>>
>>>>> On Tue, Feb 21, 2012 at 9:46 PM, Jan Lehnardt <jan@apache.org>
wrote:
>>>>>
>>>>>> On 21.02.2012, at 22:38, Robert Newson <rnewson@apache.org>
wrote:
>>>>>>
>>>>>> > I resolved the ipv6 ticket as 'cannot reproduce' given that
two
>>>>>> > committers have verified ipv6 replication with 1.2.x. Time for
round
>>>>>> > 2?
>>>>>>
>>>>>> +1
>>>>>>
>>>>>>
>>>>>> >
>>>>>> > On 21 February 2012 21:11, Noah Slater <nslater@tumbolia.org>
wrote:
>>>>>> >> Are we blocked on anything else? Are we good to go?
>>>>>> >>
>>>>>> >> On Tue, Feb 21, 2012 at 7:21 PM, Jan Lehnardt <jan@apache.org>
wrote:
>>>>>> >>
>>>>>> >>> Thanks guys, committed.
>>>>>> >>>
>>>>>> >>> Noah, 1.2.0 is unblocked on this one.
>>>>>> >>>
>>>>>> >>> On Feb 21, 2012, at 20:13 , Paul Davis wrote:
>>>>>> >>>
>>>>>> >>>> +1 on the patch to require admin for _changes.
>>>>>> >>>>
>>>>>> >>>> On Tue, Feb 21, 2012 at 3:36 AM, Jan Lehnardt <jan@apache.org>
wrote:
>>>>>> >>>>> *nudge*
>>>>>> >>>>>
>>>>>> >>>>> I don't feel very confident with a single opinion
(thanks Robert),
>>>>>> and
>>>>>> >>> would love your input on this one.
>>>>>> >>>>>
>>>>>> >>>>> Cheers
>>>>>> >>>>> Jan
>>>>>> >>>>> --
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>> On Feb 16, 2012, at 16:12 , Jan Lehnardt wrote:
>>>>>> >>>>>
>>>>>> >>>>>>
>>>>>> >>>>>> On Feb 14, 2012, at 13:14 , Noah Slater
wrote:
>>>>>> >>>>>>
>>>>>> >>>>>>> Devs,
>>>>>> >>>>>>>
>>>>>> >>>>>>> Please outline:
>>>>>> >>>>>>>
>>>>>> >>>>>>>  - What remains to be fixed for regression
purposes
>>>>>> >>>>>>
>>>>>> >>>>>> I want to bring up one more thing (sorry
:).
>>>>>> >>>>>>
>>>>>> >>>>>> /_users/_changes is currently end-user readable.
While
>>>>>> >>> /_users/_changes?include_docs=true will not fetch docs
the requesting
>>>>>> user
>>>>>> >>> doesn't have access to, it still gets all doc ids in
the /_users db and
>>>>>> >>> thus easily can generate a list of all users.
>>>>>> >>>>>>
>>>>>> >>>>>> I'd like to propose to make /_user/_changes
also admin-only before
>>>>>> we
>>>>>> >>> ship 1.2.0. Again, I'm happy to revisit and make things
configurable
>>>>>> down
>>>>>> >>> the road.
>>>>>> >>>>>>
>>>>>> >>>>>> Note that the information that a particular
user is registered is
>>>>>> >>> leaked (a user can't sign up with a username that is
already taken,
>>>>>> from
>>>>>> >>> that it can be deduced that that particular username
is already
>>>>>> >>> registered). This is in line with most signup systems.
Making
>>>>>> >>> /_users/_changes admin-only doesn't prevent all leakage
of what users
>>>>>> have
>>>>>> >>> signed up, but it stops bulk-leakage of *all* users
in one swoop.
>>>>>> >>>>>>
>>>>>> >>>>>> What do you think?
>>>>>> >>>>>>
>>>>>> >>>>>> Cheers
>>>>>> >>>>>> Jan
>>>>>> >>>>>> --
>>>>>> >>>>>>
>>>>>> >>>>>>
>>>>>> >>>>>
>>>>>> >>>
>>>>>> >>>
>>>>>>
>>
>>
>>
>> --
>> Iris Couch
>
>
>
> --
> Filipe David Manana,
>
> "Reasonable men adapt themselves to the world.
>  Unreasonable men adapt the world to themselves.
>  That's why all progress depends on unreasonable men."

Mime
View raw message