Let's roll #2! :) Thanks Paul and everybody :)
Cheers Jan -- On Feb 22, 2012, at 20:47 , Paul Davis wrote: > JSON patch is committed: > > http://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commitdiff;h=ba271a70b83c6df16af43204c2ba9f4d5ca89711 > > On Wed, Feb 22, 2012 at 12:39 AM, Filipe David Manana > <[email protected]> wrote: >> I think COUCHDB-1413 wouldn't hurt to have for 1.2.0, after all it's >> about correct query results. 1.2.1 is also aceptable. >> If no objections, I'll push the fix to 1.2.x as well. >> >> On Tue, Feb 21, 2012 at 6:32 PM, Jason Smith <[email protected]> wrote: >>> My reading of the JIRA ticket (FWIW) is that Paul explained pretty >>> convincingly why this is only a minor bug if at all. For this release, >>> Paul had a simple fix; although I do not see it in 1.2.x nor JIRA and >>> don't recall offhand what it was exactly. >>> >>> On Tue, Feb 21, 2012 at 10:50 PM, Robert Newson <[email protected]> wrote: >>>> heh, actually I don't think we did. >>>> >>>> On 21 February 2012 22:41, Paul Davis <[email protected]> wrote: >>>>> Did we fix the original JSON thing that started this whole broughaha? >>>>> >>>>> On Tue, Feb 21, 2012 at 3:57 PM, Noah Slater <[email protected]> wrote: >>>>>> Thanks. >>>>>> >>>>>> On Tue, Feb 21, 2012 at 9:46 PM, Jan Lehnardt <[email protected]> wrote: >>>>>> >>>>>>> On 21.02.2012, at 22:38, Robert Newson <[email protected]> wrote: >>>>>>> >>>>>>>> I resolved the ipv6 ticket as 'cannot reproduce' given that two >>>>>>>> committers have verified ipv6 replication with 1.2.x. Time for round >>>>>>>> 2? >>>>>>> >>>>>>> +1 >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> On 21 February 2012 21:11, Noah Slater <[email protected]> wrote: >>>>>>>>> Are we blocked on anything else? Are we good to go? >>>>>>>>> >>>>>>>>> On Tue, Feb 21, 2012 at 7:21 PM, Jan Lehnardt <[email protected]> wrote: >>>>>>>>> >>>>>>>>>> Thanks guys, committed. >>>>>>>>>> >>>>>>>>>> Noah, 1.2.0 is unblocked on this one. >>>>>>>>>> >>>>>>>>>> On Feb 21, 2012, at 20:13 , Paul Davis wrote: >>>>>>>>>> >>>>>>>>>>> +1 on the patch to require admin for _changes. >>>>>>>>>>> >>>>>>>>>>> On Tue, Feb 21, 2012 at 3:36 AM, Jan Lehnardt <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>>> *nudge* >>>>>>>>>>>> >>>>>>>>>>>> I don't feel very confident with a single opinion (thanks Robert), >>>>>>> and >>>>>>>>>> would love your input on this one. >>>>>>>>>>>> >>>>>>>>>>>> Cheers >>>>>>>>>>>> Jan >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Feb 16, 2012, at 16:12 , Jan Lehnardt wrote: >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Feb 14, 2012, at 13:14 , Noah Slater wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Devs, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Please outline: >>>>>>>>>>>>>> >>>>>>>>>>>>>> - What remains to be fixed for regression purposes >>>>>>>>>>>>> >>>>>>>>>>>>> I want to bring up one more thing (sorry :). >>>>>>>>>>>>> >>>>>>>>>>>>> /_users/_changes is currently end-user readable. While >>>>>>>>>> /_users/_changes?include_docs=true will not fetch docs the requesting >>>>>>> user >>>>>>>>>> doesn't have access to, it still gets all doc ids in the /_users db >>>>>>>>>> and >>>>>>>>>> thus easily can generate a list of all users. >>>>>>>>>>>>> >>>>>>>>>>>>> I'd like to propose to make /_user/_changes also admin-only before >>>>>>> we >>>>>>>>>> ship 1.2.0. Again, I'm happy to revisit and make things configurable >>>>>>> down >>>>>>>>>> the road. >>>>>>>>>>>>> >>>>>>>>>>>>> Note that the information that a particular user is registered is >>>>>>>>>> leaked (a user can't sign up with a username that is already taken, >>>>>>> from >>>>>>>>>> that it can be deduced that that particular username is already >>>>>>>>>> registered). This is in line with most signup systems. Making >>>>>>>>>> /_users/_changes admin-only doesn't prevent all leakage of what users >>>>>>> have >>>>>>>>>> signed up, but it stops bulk-leakage of *all* users in one swoop. >>>>>>>>>>>>> >>>>>>>>>>>>> What do you think? >>>>>>>>>>>>> >>>>>>>>>>>>> Cheers >>>>>>>>>>>>> Jan >>>>>>>>>>>>> -- >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>> >>> >>> >>> >>> -- >>> Iris Couch >> >> >> >> -- >> Filipe David Manana, >> >> "Reasonable men adapt themselves to the world. >> Unreasonable men adapt the world to themselves. >> That's why all progress depends on unreasonable men."
