sorry if you took the message personally. Is your problem, not mine. I was not attacking you at all, rather saying that, in my opinion, software should fit for purpose and either prevent (when feasible) or warn about possible security holes. Just that. But not building additional security features beyond purpose (as I understood Richard was suggesting). So, basically the same that you are stating.
> It is just ridiculous to read that running applications under superuser > privileges and allowing world-wide access over the internet to a host with > user applications need "safe configuration options by default" and > "unnecessary burden must be prevented". > well, is ridiculous if you are google and have 2000 employees to create a couple of servlets. But if you have limited resources, and you are paying attention to other functionalities and working on beta, is not ridiculous. Is an assumed and controlled risk. But do not blame others for your personal mistakes. > Can you please show me where I did that? I totally agree what you did here <https://github.com/elasticsearch/elasticsearch/issues/5853>. No more question here. Sorry, you have blamed yourself, I did not. -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/a72a0161-91c5-47b3-a989-7dd8548f996a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
