On Tue, 08 Jan 2019 08:40:20 -0800 Wes wrote: WHVNSC> Magnus Fromreide <ma...@lysator.liu.se> writes: WHVNSC> WHVNSC> > I suppose the default value of the access control is WHVNSC> > "auth", the man page didn't say what the effects of that WHVNSC> > was? WHVNSC> > WHVNSC> > I think this is a bad idea as a default since that works WHVNSC> > against the "secure by default" ideal - if someone want WHVNSC> > to loosen restrictions then they should have to ask for WHVNSC> > that. WHVNSC> > [...] WHVNSC> I'd push back rather hard against breaking existing WHVNSC> implementations by changing the default. [...] WHVNSC> WHVNSC> If we want to change the default behavior, I'd suggest we WHVNSC> instead create a new token and push that out to all WHVNSC> documentation and examples rather than causing a version WHVNSC> update to suddenly make everyone's existing deployments WHVNSC> stop working.
How about a migration path? Add a warning at startup if rwuser is specified without a level. i.e. "Warning: no securityLevel specified for rwuser; defaulting to auth". People will hate it. But even if we add a new token, we should have a warning that people need to migrate to it, and we'd have to drop support for it at some point (with a configure option to keep it enabled). Now is a good time to consider such things, since (in theory) we have another release before the next long-term support release. Robert _______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
