Github user rnewson commented on the pull request:
https://github.com/apache/couchdb/pull/152#discussion_r9859563
We should upgrade their hash *after* they've authenticated and proved they
got the password right. Won't this just save whatever password they tried and
make it the users actual password?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. To do so, please top-post your response.
If your project does not have this feature enabled and wishes so, or if the
feature is enabled but not working, please contact infrastructure at
[email protected] or file a JIRA ticket with INFRA.
---
