On Sun, 5 Dec 2010 23:36:33 +0000 Simon Wilkinson <[email protected]> wrote:
> > We only just agreed to turn on by default the configure flag that > > lets you turn on restricted mode at all, for 1.6. I'd hope we'd wait > > another stable release cycle or two before making it the default > > (maybe 2.0?). > > I don't see the relationship here. Are you saying that every time we > ship a new feature we should ship it disabled, and then wait a couple > of release cycles before enabling it? Because that's going to get > boring really quickly. Features that are backwards-incompatible, and cause nontrivial downtime to revert, I'd hope we'd wait at least a release. For this specific case, 1.8 is one stable release cycle and 1.10 is two (or 2.0 if we get there first?). 1.8 is 1.6+IFS if I recall correctly, so I don't think including the change there would be a good place, making 1.10 a sensible next choice. And keep in mind I'm trying to think of stable release cycles in terms of what was discussed at BPW 2010, not the glacial pace of e.g. 1.2 -> 1.4. It wouldn't/shouldn't take that long. And rapid changes can get really annoying, too. Have already gotten a little annoying (Just a little! :) > The relationship between being in UserList and having effective root > access to the machine is poorly documented, and poorly understood. I > suspect that this discussion has come as an unpleasant surprise to > many people. If you add into the mix the extremely weak authentication > and connection security that protects it from external attack, then I > think that this is a hole we should be removing from the default > install as soon as possible. It's also existed for the past 10+N years. That's not an excuse to keep it around, but it's not like this is anything new. And I thought we already discussed this last year, and we agreed to turn on the restricted capability by default, but not restricted mode on by default in 1.6. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
