In discussing this aspect of the change with ASF Infra, Gavin McDonald asked 
for a reconsideration.

Firstly, he was concerned about Jira struggling under the load of 
auto-populating 120000 user names.  He suggested waiting until they have 
migrated users to LDAP later this year.  Given Jira’s general stability, this 
seemed like a reasonable concern, but it looks like we already support 
Jira-users for the assignee box and though it can be quite slow, this isn’t a 
new change.

Secondly, he was concerned about spam or other nefarious users corrupting the 
project sufficiently that we require a restore from backup, which would have 
ramifications for other projects.  This I guess we need to talk a little about.
His stated concern was bulk deletion of issues, but this won’t affect us since 
we don’t grant this right to contributors today (in fact only PMC members are 
granted this right, since we do not generally endorse this).  However, we would 
be providing the opportunity to corrupt all of our issues, at relatively low 
cost, to somebody who feels like causing some mayhem.

We could perhaps mitigate this risk by only conferring the right to edit issues 
you yourself have filed (and perhaps those that have been assigned to you, but 
this would require limiting who may assign issues). This would limit the 
possible corruption to transitioning tickets, or spamming comments (the latter 
of which is already open to them).  All other contributor rights could be 
conferred to Jira-users.

I’m honestly not sure how much we should worry about this, but the prospect of 
harming other projects because of our own indifference to the problem doesn’t 
entirely sit well with me.

Does anyone have any thoughts on this?


