elek commented on pull request #1083:
URL: https://github.com/apache/hadoop-ozone/pull/1083#issuecomment-647483168
I would like to add my own opinion about the size of the risks:
I wouldn't like to convince anybody, but couldn't see very high risk.
Actually I think there is a higher risk to use a wrong `rm -rf` command than
using `ozone ldb` which couldn't work without very long and specific
parameters. Actually it's already longer than a usual `--yes` confirmation flag.
1. Users shouldn't have permission to the rocksdb files. If they have it:
doesn't matter if you check admin permission, they have all the power to do bad
things. Actually even just having the read access to the rocksdb violates the
security model.
2. I would prefer to improve the usability of the admin tools even if the
risk is slightly higher. Administrators already learned to handle risks and
usually they use the power very carefully.
> Finally, I want to say, any kind of incompatible changes should be taken
care of by upgrade handlers to handle properly, and it should not require an
admin to perform these kinds of operations. If it requires, that means our
upgrade path is not correct.
This is what we have now. If this were the only concern, we can solve it by
removing this ldb subcommand **when upgrade is implemented**. Today we have
incompatibilities where I can accept that we need tool to help admins.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
