You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by Denitsa Burroughs <de...@gmail.com> on 2019/10/02 14:25:56 UTC
CouchDB 3.0 Weekly Update
Hi all,
Here's a weekly update on CouchDB 3.0. Still looking for volunteers to work
on the available issues and/or doc items. Please take a look and let me
know if you can work in any of thise.
*In progress (Owners, please provide an update):*
#1524 <https://github.com/apache/couchdb/issues/1524> Per-document access
control- Jan
#1875 <https://github.com/apache/couchdb/issues/1875> Update SpiderMonkey
Version - Peng Hui
#2165 <https://github.com/apache/couchdb/issues/2165> - Remove
delayed_commits setting - Nick (docs left)
*Available: *
#2177 <https://github.com/apache/couchdb/issues/2177> Update Fauxton
dependency
#2169 <https://github.com/apache/couchdb/issues/2169> Remove support for
?stale query parameter in favor of `stable` and `update_after` combo
#2167 <https://github.com/apache/couchdb/issues/2167> Remove vestiges of
view-based `_changes` feed
#2166 <https://github.com/apache/couchdb/issues/2166> - Remove
`/{db}/_external/*`
#2115 <https://github.com/apache/couchdb/issues/2115> Update default config
settings (Q, max_document_size, etc.)
#1428 <https://github.com/apache/couchdb/issues/1428> Migrate to rebar3 or
mix
#1470 <https://github.com/apache/couchdb/pull/1470> Fix calculation of
external size for attachments - Eric?
#1523 <https://github.com/apache/couchdb/issues/1523> Retire the
node-local interface (port 5986)
- WIP PR: https://github.com/apache/couchdb/pull/2092
*Discussion items (on ML):*
2191 <https://github.com/apache/couchdb/issues/2191> Tightening up the
security model
IOQ discussion - Cluster setup does not create IOQ stats database
*Documentation improvements:*
- Proposed deprecations for 3.0, not rebuilt/removed in 4.0
- couch_btree developer docs - Chintan
Thanks!
Deni
Re: CouchDB 3.0 Weekly Update
Posted by Joan Touzet <wo...@apache.org>.
Reminder that Jan is still on break and won't be back until next week,
and he's the one who had been spearheading the security tightening
design work.
-Joan
On 2019-10-09 15:17, Adam Kocoloski wrote:
> OK on the security tightening I found this email from Joan:
>
> https://lists.apache.org/thread.html/9c3dacde83d698c262afec5eca524783c71dbeceee26aa66a77538ee@%3Cdev.couchdb.apache.org%3E <https://lists.apache.org/thread.html/9c3dacde83d698c262afec5eca524783c71dbeceee26aa66a77538ee@%3Cdev.couchdb.apache.org%3E>
>
> Reproduced here. I’ll add this context to the ticket, but seems like there’s a decent amount of design work left to do here.
>
> Adam
>
>> I remembered one last deprecation we wanted in 3.0: security tightening,
>> which included the deprecation of admin party.
>>
>> Jan can you find the ticket on this? I don't think it's the full #1504.
>> Just new defaults, and we'll need to think thru what happens when
>> starting up a node that has no [admins]. Do we create one and log its
>> password to the logfile? What if logging is disabled / goes nowhere? Or
>> do we simply refuse to start until an admin is created? What about
>> crypting and salting the password ahead of time - do we introduce a
>> small cli tool to generate passwords like apache/httpd does? Many questions.
>>
>> -Joan
>
>> On Oct 9, 2019, at 2:32 PM, Adam Kocoloski <ko...@apache.org> wrote:
>>
>> I tidied up the “3.0 Release Tasks” column and closed out a few issue that didn’t get auto-closed through PRs. We’re down to 8 cards in that column at the moment.
>>
>> One issue is the rebar3 / mix migration: https://github.com/apache/couchdb/issues/1428. I’m not convinced that needs to land for 3.0. I expect most people use our binary packages and/or container-based installation methods rather than building from source themselves. It also feels like there’s a fair amount of open-ended experimentation that might take place in order to build consensus on the direction there. I’d like to move that back into the backlog; does anyone disagree?
>>
>> We also have an issue that says we want to “tighten up the security model”: https://github.com/apache/couchdb/issues/2191. I don’t know quite what the intended scope is for that. Does anyone have specifics there?
>>
>> Adam
>>
>>> On Oct 2, 2019, at 10:25 AM, Denitsa Burroughs <de...@gmail.com> wrote:
>>>
>>> Hi all,
>>>
>>> Here's a weekly update on CouchDB 3.0. Still looking for volunteers to work
>>> on the available issues and/or doc items. Please take a look and let me
>>> know if you can work in any of thise.
>>>
>>> *In progress (Owners, please provide an update):*
>>>
>>> #1524 <https://github.com/apache/couchdb/issues/1524> Per-document access
>>> control- Jan
>>> #1875 <https://github.com/apache/couchdb/issues/1875> Update SpiderMonkey
>>> Version - Peng Hui
>>> #2165 <https://github.com/apache/couchdb/issues/2165> - Remove
>>> delayed_commits setting - Nick (docs left)
>>>
>>> *Available: *
>>> #2177 <https://github.com/apache/couchdb/issues/2177> Update Fauxton
>>> dependency
>>> #2169 <https://github.com/apache/couchdb/issues/2169> Remove support for
>>> ?stale query parameter in favor of `stable` and `update_after` combo
>>> #2167 <https://github.com/apache/couchdb/issues/2167> Remove vestiges of
>>> view-based `_changes` feed
>>> #2166 <https://github.com/apache/couchdb/issues/2166> - Remove
>>> `/{db}/_external/*`
>>> #2115 <https://github.com/apache/couchdb/issues/2115> Update default config
>>> settings (Q, max_document_size, etc.)
>>> #1428 <https://github.com/apache/couchdb/issues/1428> Migrate to rebar3 or
>>> mix
>>> #1470 <https://github.com/apache/couchdb/pull/1470> Fix calculation of
>>> external size for attachments - Eric?
>>> #1523 <https://github.com/apache/couchdb/issues/1523> Retire the
>>> node-local interface (port 5986)
>>>
>>> - WIP PR: https://github.com/apache/couchdb/pull/2092
>>>
>>>
>>> *Discussion items (on ML):*
>>> 2191 <https://github.com/apache/couchdb/issues/2191> Tightening up the
>>> security model
>>> IOQ discussion - Cluster setup does not create IOQ stats database
>>>
>>> *Documentation improvements:*
>>> - Proposed deprecations for 3.0, not rebuilt/removed in 4.0
>>> - couch_btree developer docs - Chintan
>>>
>>> Thanks!
>>>
>>> Deni
>>
>
>
Re: CouchDB 3.0 Weekly Update
Posted by Adam Kocoloski <ko...@apache.org>.
OK on the security tightening I found this email from Joan:
https://lists.apache.org/thread.html/9c3dacde83d698c262afec5eca524783c71dbeceee26aa66a77538ee@%3Cdev.couchdb.apache.org%3E <https://lists.apache.org/thread.html/9c3dacde83d698c262afec5eca524783c71dbeceee26aa66a77538ee@%3Cdev.couchdb.apache.org%3E>
Reproduced here. I’ll add this context to the ticket, but seems like there’s a decent amount of design work left to do here.
Adam
> I remembered one last deprecation we wanted in 3.0: security tightening,
> which included the deprecation of admin party.
>
> Jan can you find the ticket on this? I don't think it's the full #1504.
> Just new defaults, and we'll need to think thru what happens when
> starting up a node that has no [admins]. Do we create one and log its
> password to the logfile? What if logging is disabled / goes nowhere? Or
> do we simply refuse to start until an admin is created? What about
> crypting and salting the password ahead of time - do we introduce a
> small cli tool to generate passwords like apache/httpd does? Many questions.
>
> -Joan
> On Oct 9, 2019, at 2:32 PM, Adam Kocoloski <ko...@apache.org> wrote:
>
> I tidied up the “3.0 Release Tasks” column and closed out a few issue that didn’t get auto-closed through PRs. We’re down to 8 cards in that column at the moment.
>
> One issue is the rebar3 / mix migration: https://github.com/apache/couchdb/issues/1428. I’m not convinced that needs to land for 3.0. I expect most people use our binary packages and/or container-based installation methods rather than building from source themselves. It also feels like there’s a fair amount of open-ended experimentation that might take place in order to build consensus on the direction there. I’d like to move that back into the backlog; does anyone disagree?
>
> We also have an issue that says we want to “tighten up the security model”: https://github.com/apache/couchdb/issues/2191. I don’t know quite what the intended scope is for that. Does anyone have specifics there?
>
> Adam
>
>> On Oct 2, 2019, at 10:25 AM, Denitsa Burroughs <de...@gmail.com> wrote:
>>
>> Hi all,
>>
>> Here's a weekly update on CouchDB 3.0. Still looking for volunteers to work
>> on the available issues and/or doc items. Please take a look and let me
>> know if you can work in any of thise.
>>
>> *In progress (Owners, please provide an update):*
>>
>> #1524 <https://github.com/apache/couchdb/issues/1524> Per-document access
>> control- Jan
>> #1875 <https://github.com/apache/couchdb/issues/1875> Update SpiderMonkey
>> Version - Peng Hui
>> #2165 <https://github.com/apache/couchdb/issues/2165> - Remove
>> delayed_commits setting - Nick (docs left)
>>
>> *Available: *
>> #2177 <https://github.com/apache/couchdb/issues/2177> Update Fauxton
>> dependency
>> #2169 <https://github.com/apache/couchdb/issues/2169> Remove support for
>> ?stale query parameter in favor of `stable` and `update_after` combo
>> #2167 <https://github.com/apache/couchdb/issues/2167> Remove vestiges of
>> view-based `_changes` feed
>> #2166 <https://github.com/apache/couchdb/issues/2166> - Remove
>> `/{db}/_external/*`
>> #2115 <https://github.com/apache/couchdb/issues/2115> Update default config
>> settings (Q, max_document_size, etc.)
>> #1428 <https://github.com/apache/couchdb/issues/1428> Migrate to rebar3 or
>> mix
>> #1470 <https://github.com/apache/couchdb/pull/1470> Fix calculation of
>> external size for attachments - Eric?
>> #1523 <https://github.com/apache/couchdb/issues/1523> Retire the
>> node-local interface (port 5986)
>>
>> - WIP PR: https://github.com/apache/couchdb/pull/2092
>>
>>
>> *Discussion items (on ML):*
>> 2191 <https://github.com/apache/couchdb/issues/2191> Tightening up the
>> security model
>> IOQ discussion - Cluster setup does not create IOQ stats database
>>
>> *Documentation improvements:*
>> - Proposed deprecations for 3.0, not rebuilt/removed in 4.0
>> - couch_btree developer docs - Chintan
>>
>> Thanks!
>>
>> Deni
>
Re: CouchDB 3.0 Weekly Update
Posted by Adam Kocoloski <ko...@apache.org>.
I tidied up the “3.0 Release Tasks” column and closed out a few issue that didn’t get auto-closed through PRs. We’re down to 8 cards in that column at the moment.
One issue is the rebar3 / mix migration: https://github.com/apache/couchdb/issues/1428. I’m not convinced that needs to land for 3.0. I expect most people use our binary packages and/or container-based installation methods rather than building from source themselves. It also feels like there’s a fair amount of open-ended experimentation that might take place in order to build consensus on the direction there. I’d like to move that back into the backlog; does anyone disagree?
We also have an issue that says we want to “tighten up the security model”: https://github.com/apache/couchdb/issues/2191. I don’t know quite what the intended scope is for that. Does anyone have specifics there?
Adam
> On Oct 2, 2019, at 10:25 AM, Denitsa Burroughs <de...@gmail.com> wrote:
>
> Hi all,
>
> Here's a weekly update on CouchDB 3.0. Still looking for volunteers to work
> on the available issues and/or doc items. Please take a look and let me
> know if you can work in any of thise.
>
> *In progress (Owners, please provide an update):*
>
> #1524 <https://github.com/apache/couchdb/issues/1524> Per-document access
> control- Jan
> #1875 <https://github.com/apache/couchdb/issues/1875> Update SpiderMonkey
> Version - Peng Hui
> #2165 <https://github.com/apache/couchdb/issues/2165> - Remove
> delayed_commits setting - Nick (docs left)
>
> *Available: *
> #2177 <https://github.com/apache/couchdb/issues/2177> Update Fauxton
> dependency
> #2169 <https://github.com/apache/couchdb/issues/2169> Remove support for
> ?stale query parameter in favor of `stable` and `update_after` combo
> #2167 <https://github.com/apache/couchdb/issues/2167> Remove vestiges of
> view-based `_changes` feed
> #2166 <https://github.com/apache/couchdb/issues/2166> - Remove
> `/{db}/_external/*`
> #2115 <https://github.com/apache/couchdb/issues/2115> Update default config
> settings (Q, max_document_size, etc.)
> #1428 <https://github.com/apache/couchdb/issues/1428> Migrate to rebar3 or
> mix
> #1470 <https://github.com/apache/couchdb/pull/1470> Fix calculation of
> external size for attachments - Eric?
> #1523 <https://github.com/apache/couchdb/issues/1523> Retire the
> node-local interface (port 5986)
>
> - WIP PR: https://github.com/apache/couchdb/pull/2092
>
>
> *Discussion items (on ML):*
> 2191 <https://github.com/apache/couchdb/issues/2191> Tightening up the
> security model
> IOQ discussion - Cluster setup does not create IOQ stats database
>
> *Documentation improvements:*
> - Proposed deprecations for 3.0, not rebuilt/removed in 4.0
> - couch_btree developer docs - Chintan
>
> Thanks!
>
> Deni