spmallette commented on code in PR #3384:
URL: https://github.com/apache/tinkerpop/pull/3384#discussion_r3137707527


##########
docs/src/upgrade/release-4.x.x.asciidoc:
##########
@@ -30,6 +30,95 @@ image::gremlins-wildest-dreams.png[width=185]
 Please see the 
link:https://github.com/apache/tinkerpop/blob/4.0.0/CHANGELOG.asciidoc#release-4-0-0[changelog]
 for a
 complete list of all the modifications that are part of this release.
 
+=== Upgrading for Users
+
+==== Gremlin Server Initialization Without Groovy

Review Comment:
   How about "More Secure Gremlin Server" as a title? 
   
   The first sentence is rough with the semicolon:
   
   > Previous versions of Gremlin Server relied on the Groovy script engine for 
basic server initialization; binding
   traversal sources, loading data, and running lifecycle hooks all required 
Groovy init scripts.
   
   How about: 
   
   > Previous versions of Gremlin Server relied on a Gremlin-flavored Groovy 
`ScriptEngine` for basic server initialization, which covered binding traversal 
sources, loading data, and running lifecycle hooks all setup by Groovy 
initialization scripts.
   
   Change "script engine" to `ScriptEngine` consistently. If this is about 
security, I think that it would make sense to mention how an earlier version 
took a step toward security by making gremlin-language the default for script 
execution and this is the second step required to make the server more secure 
by default. you allude to that in the second paragraph without that earlier 
reference about sending remote scripts. I would further allude to the idea that 
a future version will wholly remove Groovy as an installed option in the server.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to