As in, within a few hours, preferably. On Fri, Feb 10, 2012 at 8:06 PM, Randall Leeds <[email protected]>wrote:
> On Feb 9, 2012 6:09 PM, "Randall Leeds" <[email protected]> wrote: > > > > On Thu, Feb 9, 2012 at 17:48, Jason Smith <[email protected]> wrote: > > > Hi, Noah. When I saw it hit Git, I realized it was a breaking change, > > > and I asked around. If memory serves, Randall happened to be on at the > > > time and he asked me the same question you just did. I said I never > > > saw an RFC email and that's when he realized it was not done publicly. > > > > I was aware the entire time, but I think the motivation is sound and > > it needed to be done. A couple committers spoke up to say we didn't > > think it was sensitive enough to warrant the private discussion but > > ultimately there was broad consensus on the implementation and the > > change itself. One of those (let us all celebrate) extremely rare > > times where there wasn't opportunity for broad community input. > > > > Creating a view on _users that pulls the relevant parts of a user > > document out is the way forward for public profiles, I think. > > If someone would write a blog post showing how that works it'd be > > great. In retrospect this would have been a great thing to do weeks > > ago. Lesson learned. > > Just to be clear I don't want to dismiss your concerns. If you believe this > needs a config option rather than just documentation now is a good time to > speak up loudly since the vote was aborted. > > > > > Now to test! > > > > -R > > > > > > > > I am pleased and grateful for the 1.2 release. It's remarkable! I'll > > > simply remind the community, don't email a plus-one just because the > > > unit tests pass. Install your application! Test your application! If > > > you use _users in your Couch app, this will be the most significant > > > breaking change since the 0.9 release. > > > > > > On Fri, Feb 10, 2012 at 8:25 AM, Noah Slater <[email protected]> > wrote: > > >> Did you bring this up on the RFC thread or in private, Jason? > > >> > > >> On Fri, Feb 10, 2012 at 1:16 AM, Jason Smith <[email protected]> > wrote: > > >> > > >>> On Fri, Feb 10, 2012 at 7:52 AM, Noah Slater <[email protected]> > wrote: > > >>> > Hello, > > >>> > > > >>> > I would like call a vote for the Apache CouchDB 1.2.0 release, > first > > >>> round. > > >>> > > >>> Documents in the _users database are no longer publicly readable. > > >>> > > >>> I understand that there was no public RFC about this due to its > > >>> security implications? > > >>> > > >>> Iris Couch users have been running the 1.2.x beta builds for a few > > >>> ekes and this is the top point of feedback. People have to rewrite > > >>> their Couch apps, in particular because most of Chris's projects and > > >>> examples uses _user to keep public profiles (nickname, Gravatar URL, > > >>> etc.). > > >>> > > >>> I suppose this is old news. The decision is good. It's a documented > > >>> breaking change. Fine. I hope there isn't blowback though. > > >>> > > >>> -- > > >>> Iris Couch > > >>> > > > > > > > > > > > > -- > > > Iris Couch >
