Hi, Thanks for your comments on the KIP and sorry for the delay in responding.
D01: Authorisation is the area of this KIP that I think is most tricky. The reason that I didn't implement specific ACLs for DLQs because I was not convinced they would help. So, if you have a specific idea in mind, please let me know. This is the area that I'm least comfortable with in the KIP. I suppose maybe to set the DLQ name for a group, you could need a higher level of authorisation than just ALTER_CONFIGS on the GROUP. But what I settled with in the KIP was that DLQ topics all start with the same prefix, defaulting to "dlq.", and that the topics do not automatically create. D02: I can see that. I've added a config which I've called errors.deadletterqueue.auto.create.topics.enable just to have a consistent prefix on all of the config names. Let me know what you think. D03: I've added some text about failure scenarios when attempting to write records to the DLQ. Thanks, Andrew ________________________________________ From: isding_l <isdin...@163.com> Sent: 16 July 2025 04:18 To: dev <dev@kafka.apache.org> Subject: Re: [DISCUSS]: KIP-1191: Dead-letter queues for share groups Hi Andrew, Thanks for the nice KIP, This KIP design for introducing dead-letter queues (DLQs) for Share Groups is generally clear and reasonable, addressing the key pain points of handling "poison message". D01: Should we consider implementing independent ACL configurations for DLQs? This would enable separate management of DLQ topic read/write permissions from source topics, preventing privilege escalation attacks via "poison message" + DLQ mechanisms. D02: While disabling automatic DLQ topic creation is justifiable for security, it creates operational overhead in automated deployments. Can we introduce a configuration parameter auto.create.dlq.topics.enable to govern this behavior? D03: How should we handle failure scenarios when brokers attempt to write records to the DLQ? ---- Replied Message ---- | From | Andrew Schofield<andrew_schofield_j...@outlook.com> | | Date | 07/08/2025 17:54 | | To | dev@kafka.apache.org<dev@kafka.apache.org> | | Subject | [DISCUSS]: KIP-1191: Dead-letter queues for share groups | Hi, I'd like to start discussion on KIP-1191 which adds dead-letter queue support for share groups. Records which cannot be processed by consumers in a share group can be automatically copied onto another topic for a closer look. KIP: https://cwiki.apache.org/confluence/display/KAFKA/KIP-1191%3A+Dead-letter+queues+for+share+groups Thanks, Andrew
