Parametring cancel processing (Cancel-Lock vs unauthenticated cancels)
Russ Allbery
eagle at eyrie.org
Sun Jan 2 21:41:53 UTC 2022
Julien ÉLIE <julien at trigofacile.com> writes:
> I like this idea. I suggest that the default be "require-auth" (4) if
> INN was built with Cancel-Lock support, and "all" (1) otherwise. Or
> maybe "none" (2) otherwise? We can do that change in the upcoming major
> 2.7.0 release.
I like this idea. I'd default to "none" otherwise (may as well be more
secure by default, and we're allowed to break some compatibility in the
2.7.0 release).
> I also suggest removing the "innd -C" flag, or rather make it a no-op,
> as the "docancels" parameter does the same thing, better.
I think it shouldn't be a no-op; it should either work to override the
config setting or we should remove it so that it will cause an error and
people will have to update their configuration. Otherwise, I think we
risk silent and surprising behavior change.
--
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list