jsr340-experts@servlet-spec.java.net

[jsr340-experts] Re: Configuring DENY semantic for uncovered HTTP Methods

From: Remy Maucherat <rmaucher_at_redhat.com>
Date: Tue, 06 Mar 2012 10:26:20 +0100

On Mon, 2012-03-05 at 20:51 +0000, Mark Thomas wrote:
> On 28/02/2012 22:27, Shing Wai Chan wrote:
> > Hi,
> >
> > Ron Monzillo has a proposal on configuring DENY semantic.
> > The following is the proposal.
>
> I understand where this is coming from.
>
> The rules for combining constraints are already sufficiently complex
> that users sometimes have difficulty understanding them. Adding another
> variable has the potential to make that problem worse. We therefore need
> to be very careful how this is done - if it is done at all.

Agreed.

> I don't like this part of the proposal. It strikes me as too complex.
> Would it not be simpler to just change the default empty role semantic
> to deny? Of course, that would require the global setting that already
> looks problematic...
>
> In summary, I agree that there is a problem but this proposal seems to
> be trading one problem for a potentially more complex one. I think it is
> worth considering if there is a simpler solution to the problem.
>
> Alternatively, we could treat this purely as a user education issue that
> needs a clear explanation of the potential pitfall in the spec and some
> guidance on how to avoid it.

+1

-- 
Remy Maucherat <rmaucher_at_redhat.com>
Red Hat Inc
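
The pitfall this thread refers to, shown as an added example that is not part of the original messages or of the expert group's proposal: a `security-constraint` that names `<http-method>` elements applies only to those methods, so any other method on the same `url-pattern` is uncovered and not restricted by it. The checker below, its function names and the sample descriptor are constructed for illustration, and it compares `url-pattern` strings exactly rather than applying the container's full pattern matching.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread); patterns and roles are made up.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name><url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name><url-pattern>/reports/*</url-pattern>
      <http-method-omission>GET</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>api</web-resource-name><url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, keep the element name

def uncovered_methods(web_xml):
    """Map url-pattern -> ("only", [m..]) or ("all-except", [m..]) of uncovered methods."""
    gaps = {}  # pattern -> (kind, set); a pattern starts as ("all-except", {}) = nothing covered
    root = ET.fromstring(web_xml)
    for wrc in (e for e in root.iter() if local(e.tag) == "web-resource-collection"):
        text = lambda n: {c.text.strip() for c in wrc if local(c.tag) == n and c.text}
        named, omitted = text("http-method"), text("http-method-omission")
        for pattern in text("url-pattern"):
            kind, s = gaps.get(pattern, ("all-except", set()))
            if named:      # constraint covers only the named methods
                s = s | named if kind == "all-except" else s - named
            elif omitted:  # constraint covers every method except the omitted ones
                kind, s = "only", (omitted - s if kind == "all-except" else s & omitted)
            else:          # no method elements: every method is covered
                kind, s = "only", set()
            gaps[pattern] = (kind, s)
    return {p: (k, sorted(s)) for p, (k, s) in gaps.items() if k == "all-except" or s}

if __name__ == "__main__":
    print(uncovered_methods(SAMPLE_WEB_XML))
```

In the sample, `/admin/*` leaves every method other than GET and POST uncovered, `/reports/*` denies everything except GET and leaves GET uncovered, and `/api/*` is fully covered and therefore not reported.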