[OpenAFS] Re: Proposed changes for server log rotation

Andrew Deason adeason@sinenomine.net
Sun, 5 Dec 2010 22:28:37 -0600 

On Sun, 5 Dec 2010 23:36:33 +0000
Simon Wilkinson <sxw@inf.ed.ac.uk> wrote:

> > We only just agreed to turn on by default the configure flag that
> > lets you turn on restricted mode at all, for 1.6. I'd hope we'd wait
> > another stable release cycle or two before making it the default
> > (maybe 2.0?).
> 
> I don't see the relationship here. Are you saying that every time we
> ship a new feature we should ship it disabled, and then wait a couple
> of release cycles before enabling it? Because that's going to get
> boring really quickly.

Features that are backwards-incompatible, and cause nontrivial downtime
to revert, I'd hope we'd wait at least a release. For this specific
case, 1.8 is one stable release cycle and 1.10 is two (or 2.0 if we get
there first?). 1.8 is 1.6+IFS if I recall correctly, so I don't think
including the change there would be a good place, making 1.10 a sensible
next choice. And keep in mind I'm trying to think of stable release
cycles in terms of what was discussed at BPW 2010, not the glacial pace
of e.g. 1.2 -> 1.4. It wouldn't/shouldn't take that long.

And rapid changes can get really annoying, too. Have already gotten a
little annoying (Just a little! :)

> The relationship between being in UserList and having effective root
> access to the machine is poorly documented, and poorly understood. I
> suspect that this discussion has come as an unpleasant surprise to
> many people. If you add into the mix the extremely weak authentication
> and connection security that protects it from external attack, then I
> think that this is a hole we should be removing from the default
> install as soon as possible.

It's also existed for the past 10+N years. That's not an excuse to keep
it around, but it's not like this is anything new.

And I thought we already discussed this last year, and we agreed to turn
on the restricted capability by default, but not restricted mode on by
default in 1.6.

-- 
Andrew Deason
adeason@sinenomine.net