On Feb 9, 2012 6:09 PM, "Randall Leeds" <[email protected]> wrote: > > On Thu, Feb 9, 2012 at 17:48, Jason Smith <[email protected]> wrote: > > Hi, Noah. When I saw it hit Git, I realized it was a breaking change, > > and I asked around. If memory serves, Randall happened to be on at the > > time and he asked me the same question you just did. I said I never > > saw an RFC email and that's when he realized it was not done publicly. > > I was aware the entire time, but I think the motivation is sound and > it needed to be done. A couple committers spoke up to say we didn't > think it was sensitive enough to warrant the private discussion but > ultimately there was broad consensus on the implementation and the > change itself. One of those (let us all celebrate) extremely rare > times where there wasn't opportunity for broad community input. > > Creating a view on _users that pulls the relevant parts of a user > document out is the way forward for public profiles, I think. > If someone would write a blog post showing how that works it'd be > great. In retrospect this would have been a great thing to do weeks > ago. Lesson learned.
Just to be clear I don't want to dismiss your concerns. If you believe this needs a config option rather than just documentation now is a good time to speak up loudly since the vote was aborted. > > Now to test! > > -R > > > > > I am pleased and grateful for the 1.2 release. It's remarkable! I'll > > simply remind the community, don't email a plus-one just because the > > unit tests pass. Install your application! Test your application! If > > you use _users in your Couch app, this will be the most significant > > breaking change since the 0.9 release. > > > > On Fri, Feb 10, 2012 at 8:25 AM, Noah Slater <[email protected]> wrote: > >> Did you bring this up on the RFC thread or in private, Jason? > >> > >> On Fri, Feb 10, 2012 at 1:16 AM, Jason Smith <[email protected]> wrote: > >> > >>> On Fri, Feb 10, 2012 at 7:52 AM, Noah Slater <[email protected]> wrote: > >>> > Hello, > >>> > > >>> > I would like call a vote for the Apache CouchDB 1.2.0 release, first > >>> round. > >>> > >>> Documents in the _users database are no longer publicly readable. > >>> > >>> I understand that there was no public RFC about this due to its > >>> security implications? > >>> > >>> Iris Couch users have been running the 1.2.x beta builds for a few > >>> ekes and this is the top point of feedback. People have to rewrite > >>> their Couch apps, in particular because most of Chris's projects and > >>> examples uses _user to keep public profiles (nickname, Gravatar URL, > >>> etc.). > >>> > >>> I suppose this is old news. The decision is good. It's a documented > >>> breaking change. Fine. I hope there isn't blowback though. > >>> > >>> -- > >>> Iris Couch > >>> > > > > > > > > -- > > Iris Couch
