[Fwd: Submit Request Failure]
Martin Pool
mbp at canonical.com
Thu Dec 1 06:01:08 UTC 2011
On 1 December 2011 16:53, Robert Collins <robert.collins at canonical.com> wrote:
> On Thu, Dec 1, 2011 at 5:49 PM, Martin Pool <mbp at canonical.com> wrote:
>> I think this is not a good tradeoff, at least in the case of bugs
>> (where the fact a bug <N_MAX exists is no secret), but there it is.
>
> The bug space is sparse: rolled back transactions do not create bugs
> but the sequence is still incremented. So, there is no guarantee that
> bug N, for any N, exists.
When I said "it's no secret", I didn't mean that everybody necessarily
knows it's true, but rather that there is no security consequence to
them knowing bug X exists. It is very likely bug X<=N_MAX exists. It
is not even a German Tank Problem because so many bugs are public.
I do see the value in having a consistent policy across all private
objects and having that policy be to deny them entirely. On the other
hand it causes confusion, such as for Alexander here.
--
Martin
More information about the bazaar
mailing list