Re: Rejecting commits to a 1.5 server from clients < 1.5

From: Daniel Rall <dlr_at_collab.net>
Date: 2007-10-24 00:45:14 CEST

On Tue, 23 Oct 2007, Blair Zajac wrote:

> Daniel Rall wrote:
...
> >The point I was trying to make is about how we advertise this
> >behavior.
> >
> >We need to be very clear that we're _not doing access control_ here,
> >so those looking for guaranteed protection from malicious users
> >shouldn't rely on this facility for it. What we're doing is providing
> >a nicety that'll keep 99% of the user base from shooting themselves in
> >the foot, regardless of the fact that we're providing no real
> >security.
>
> Good point. But I wasn't even really thinking about this in a security
> context, just a capability context. Do we want to conflate the two?

I don't want to. But, in this particular case, it's easy for users to
make that mistake.

> Also, should we open a ticket with a 1.5 milestone for this?

It'd certainly be far less valuable to put this into a 1.5.x point
release, where x > 0. But, we're not making much progress towards
converging the issue trend towards zero...

application/pgp-signature attachment: stored

Received on Wed Oct 24 00:45:22 2007

This message: [ Message body ]
Next message: Daniel Rall: "Re: Rejecting commits to a 1.5 server from clients < 1.5"
Previous message: Blair Zajac: "Re: Rejecting commits to a 1.5 server from clients < 1.5"
In reply to: Blair Zajac: "Re: Rejecting commits to a 1.5 server from clients < 1.5"
Next in thread: Blair Zajac: "Re: Rejecting commits to a 1.5 server from clients < 1.5"
Reply: Blair Zajac: "Re: Rejecting commits to a 1.5 server from clients < 1.5"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]