lostnet commented on pull request #3947: URL: https://github.com/apache/couchdb/pull/3947#issuecomment-1057091182
Sure, I think I get this usage scenario. The distinction I'm thinking about is that: - The current contents of the VDU are mandatory security, i.e. the user can't be allowed to add a role they don't have to the context through any mechanism. - The intended additions are advisory, the user is achieving nothing by changing \_replication\_ values and it is nice to inform them (but possibly not correct to stop a programmatic update as @nickva points out.) I wouldn't have thought of _replicator document fields as a first priority in advisory validation, but I think there could be much more advisory information to add to make couchdb admin friendlier for adding users, design docs, etc. The fauxton client side and schema validation could better present growing amounts of non-critical advice/warnings/info and keep it out the VDUs to make it clear that they are just advice, aren't really part of any security model and maybe don't block save, etc. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
