Disable replication by default

Issue #378 on hold
Florian Schulze
created an issue

I think we should disable the /+changelog route used for replication by default and add a new command line option to explicitly enable it. This will prevent accidental exposure of data like password hashes.

This is a backward incompatible change, but wouldn't require import/export. Most installations aren't using replication and anyone who does should read the changelog anyway. So I would propose to skip the increase of the major version.

Comments (8)

  1. Holger Krekel repo owner

    agreed on both points: it should be disabled by default. Maybe we can just modify the --role option and add a "standalone" option which becomes the default? To keep possible states simple we could say:

    • devpi-server with default --role will be "standalone", no changelog API available.

    • devpi-server --role=master is neccessary if this instance is to act as master

    • devpi-server --role=replica --master-url=... is neccesary to run in replica mode and point to a master.

    This should have a specific doc in the admin docs.

  2. Log in to comment