Comment 19 for bug 1460222

Ed Warnicke (hagbard-0) wrote :

@Armando: I tend to break down the problem this way:

Tenant Safety:

binding:profile - by tradition used only by admin, exposes settings that may be dangerous if used by non-admins.

labels - explicitly tenant settable, and thus things not appropriate to tenants should be exposed via binding:profiles, not labels.

Having something which is explicitly tenant safe is less dangerous than abusing something that is traditionally not.

Tenant Safety is an orthogonal issue to the question of "Attaching arbitrary metadata to ports". As you point out, binding:profiles already does that. That ship has sailed. The real question is about Tenant Safety: are we going to encourage more dangerous or less dangerous behavior? If binding:profile is the only way to meet the use cases, it will be used, and it *is* more dangerous than having explicitly scoped to tenant use attribute 'labels' on ports, because it would mix things which should only be admin settable with things that should be tenant settable... thus providing too much privilege to tenants.

The more I think about it, the more I actually like using *both* binding:profiles (for admin only metadata) and labels (for tenant settable metadata).

Thoughts?