
I could have had this a few weeks ago, when I realised popular S3 integration tool `django-storages` sets all objects' ACL as public-read by default:


That got fixed. Default behaviour is now to use the bucket's default.

Can't really fault Amazon or the Django library for you not reading the docs.

I am 100% willing to fault software for bad defaults regardless of how they document those defaults.

Absolutely agree. Telling people of your bad design is still bad. Especially when "telling people" happens in a flood of other noise, like one line in documentation on a whole tool.

> Telling people of your bad design is still bad.

IIRC the person who took over maintenance and added that warning isn't the one who created the tool.

Default-insecure is bad design almost anywhere I can think of (and Django Storages is changing their default in the next version - they realised it's probably not best as it is).
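An added example, not part of the thread or of django-storages: changing the library default does not alter ACLs on objects that were already uploaded, so this sketch checks existing object ACLs for the grant that `public-read` produces. It assumes ACL dictionaries in the shape returned by boto3's `get_object_acl`; the sample keys and owner IDs are constructed.

```python
# Added example: find S3 objects whose ACL grants access to a global group.
# Input dicts follow the shape of boto3's s3.get_object_acl(Bucket=..., Key=...)
# response; the sample data below is constructed so the script runs offline.

GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_grants(acl):
    """Return sorted (group, permission) pairs for grants to global groups."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI", "")
        if grantee.get("Type") == "Group" and uri in GLOBAL_GROUPS:
            found.append((uri.rsplit("/", 1)[-1], grant.get("Permission", "")))
    return sorted(found)


def audit(acls_by_key):
    """Map each object key to its public grants, omitting private objects."""
    report = {}
    for key, acl in acls_by_key.items():
        grants = public_grants(acl)
        if grants:
            report[key] = grants
    return report


# Constructed sample: one object uploaded with the public-read canned ACL
# (owner FULL_CONTROL plus AllUsers READ) and one owner-only object.
OWNER = {"Type": "CanonicalUser", "ID": "constructed-owner-id"}
SAMPLE_ACLS = {
    "media/avatars/1.png": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ]},
    "media/invoices/42.pdf": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    ]},
}

if __name__ == "__main__":
    for key, grants in audit(SAMPLE_ACLS).items():
        print(key, grants)
```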
