Nathan Hartman wrote:
Stefan Sperling wrote:
In my opinion the original change was a mistake which should be corrected.
To be clear: I don't disagree (and thank you for debugging and fixing
it); I understand your reasoning; I just don't have the context to judge
the impact and want to be sure we don't create a new problem when
deploying a fix for the original problem.
I think the benefits of seamless upgrades of existing deployments outweight
concerns over potential regressions in fresh deployments (which, let's admit
it, are getting rare these days).
A third group is pre-existing deployments in which the admins have now
adjusted their rules to match the 1.10+ behaviour. I can't guess which
group is biggest, which ones matter more or less than others, nor in
what proportion of deployments the semantic change would make any actual
difference to the authz rules in effect.
- Julian
