From: Paul Davis
Date: Tue, 21 Feb 2012 16:41:03 -0600
Subject: Re: Issues blocking the 1.2.0 release
To: dev@couchdb.apache.org

Did we fix the original JSON thing that started this whole brouhaha?

On Tue, Feb 21, 2012 at 3:57 PM, Noah Slater wrote:
> Thanks.
>
> On Tue, Feb 21, 2012 at 9:46 PM, Jan Lehnardt wrote:
>
>> On 21.02.2012, at 22:38, Robert Newson wrote:
>>
>> > I resolved the ipv6 ticket as 'cannot reproduce' given that two
>> > committers have verified ipv6 replication with 1.2.x. Time for round
>> > 2?
>>
>> +1
>>
>>
>> >
>> > On 21 February 2012 21:11, Noah Slater wrote:
>> >> Are we blocked on anything else? Are we good to go?
>> >>
>> >> On Tue, Feb 21, 2012 at 7:21 PM, Jan Lehnardt wrote:
>> >>
>> >>> Thanks guys, committed.
>> >>>
>> >>> Noah, 1.2.0 is unblocked on this one.
>> >>>
>> >>> On Feb 21, 2012, at 20:13 , Paul Davis wrote:
>> >>>
>> >>>> +1 on the patch to require admin for _changes.
>> >>>>
>> >>>> On Tue, Feb 21, 2012 at 3:36 AM, Jan Lehnardt wrote:
>> >>>>> *nudge*
>> >>>>>
>> >>>>> I don't feel very confident with a single opinion (thanks
>> >>>>> Robert), and would love your input on this one.
>> >>>>>
>> >>>>> Cheers
>> >>>>> Jan
>> >>>>> --
>> >>>>>
>> >>>>>
>> >>>>> On Feb 16, 2012, at 16:12 , Jan Lehnardt wrote:
>> >>>>>
>> >>>>>>
>> >>>>>> On Feb 14, 2012, at 13:14 , Noah Slater wrote:
>> >>>>>>
>> >>>>>>> Devs,
>> >>>>>>>
>> >>>>>>> Please outline:
>> >>>>>>>
>> >>>>>>>  - What remains to be fixed for regression purposes
>> >>>>>>
>> >>>>>> I want to bring up one more thing (sorry :).
>> >>>>>>
>> >>>>>> /_users/_changes is currently end-user readable. While
>> >>>>>> /_users/_changes?include_docs=true will not fetch docs the
>> >>>>>> requesting user doesn't have access to, it still gets all doc
>> >>>>>> ids in the /_users db and thus easily can generate a list of
>> >>>>>> all users.
>> >>>>>>
>> >>>>>> I'd like to propose to make /_user/_changes also admin-only
>> >>>>>> before we ship 1.2.0. Again, I'm happy to revisit and make
>> >>>>>> things configurable down the road.
>> >>>>>>
>> >>>>>> Note that the information that a particular user is registered
>> >>>>>> is leaked (a user can't sign up with a username that is already
>> >>>>>> taken, from that it can be deduced that that particular
>> >>>>>> username is already registered). This is in line with most
>> >>>>>> signup systems. Making /_users/_changes admin-only doesn't
>> >>>>>> prevent all leakage of what users have signed up, but it stops
>> >>>>>> bulk-leakage of *all* users in one swoop.
>> >>>>>>
>> >>>>>> What do you think?
>> >>>>>>
>> >>>>>> Cheers
>> >>>>>> Jan
>> >>>>>> --
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>
>> >>>
>>
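
The exposure and the admin-only gate discussed in the thread above, as an added example that is not part of the original messages and not CouchDB source code. The function names, the sample feed and the 401 status returned by the model are assumptions made for illustration; the `org.couchdb.user:` id prefix and the `_admin` role are CouchDB conventions.

```javascript
// Added example: a small model of GET /_users/_changes, before and after the
// admin-only gate, plus a check that classifies what a non-admin receives.
const USER_ID_PREFIX = "org.couchdb.user:"; // id scheme of docs in the _users db

// Constructed sample feed: rows carry doc ids even though no doc body is sent.
const sampleFeed = {
  results: [
    { seq: 1, id: "_design/_auth", changes: [{ rev: "1-aaa" }] },
    { seq: 2, id: "org.couchdb.user:alice", changes: [{ rev: "1-bbb" }] },
    { seq: 3, id: "org.couchdb.user:bob", changes: [{ rev: "2-ccc" }] },
  ],
  last_seq: 3,
};

// The proposed gate: only a server admin may read the _users changes feed.
function mayReadChanges(dbName, userCtx) {
  if (dbName !== "_users") return true; // other databases are not modelled here
  const roles = (userCtx && userCtx.roles) || [];
  return roles.includes("_admin");
}

// Hypothetical model of the server side; gateEnabled=false is the old behaviour.
function serveChanges(dbName, userCtx, feed, gateEnabled) {
  if (gateEnabled && !mayReadChanges(dbName, userCtx)) {
    return { status: 401, body: { error: "unauthorized" } }; // status is assumed
  }
  return { status: 200, body: feed };
}

// Deployment check: classify the response a non-admin session got back.
function auditChangesResponse(res) {
  if (res.status === 401 || res.status === 403) {
    return { verdict: "protected", usernames: [] };
  }
  const rows = (res.body && res.body.results) || [];
  const usernames = rows
    .map((row) => row.id)
    .filter((id) => typeof id === "string" && id.startsWith(USER_ID_PREFIX))
    .map((id) => id.slice(USER_ID_PREFIX.length));
  const verdict = usernames.length > 0 ? "leaks-user-list" : "no-user-ids";
  return { verdict, usernames };
}

const endUser = { name: "alice", roles: [] };
const before = auditChangesResponse(serveChanges("_users", endUser, sampleFeed, false));
const after = auditChangesResponse(serveChanges("_users", endUser, sampleFeed, true));
console.log(before.verdict, before.usernames, "->", after.verdict);
```

The same `auditChangesResponse` check can be fed the status and parsed body of a real non-admin request against your own server to confirm the gate is in effect after upgrading.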