smiklosovic commented on code in PR #2253: URL: https://github.com/apache/cassandra/pull/2253#discussion_r1165180776
########## conf/cassandra.yaml: ########## @@ -1362,6 +1362,11 @@ server_encryption_options: # Set to a valid keystore if internode_encryption is dc, rack or all keystore: conf/.keystore keystore_password: cassandra Review Comment: @maedhroz @maulin-vasavada But if we leave it here uncommented, we also do not break existing configurations which are depending on it. It is about "not breaking what is there". If we change this, all deployments which rely on the default will stop to work because we set it to null suddenly. It is more about the _possibility_ to set it to null if one really wants that rather than setting it by default to null and break it everywhere it relies on not null (even it is "cassandra" as default). People who are (and should) using stronger passwords have to set them explicitly anyway and they do not have this problem. If this goes to 4.1 as well, people might be quite surprised that this will not work between stupid version bump in a patch release. Having it changed in 5.0 is probably OK but still ... So, I would leave it uncommented in 4.1 but I would comment it in 5.0. That way we do not break patch release bump but we still educate users that there is no magic default for them in 5.0 and they should set it all explicitly. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
