From: "Stefan Sterz"
To: "Thomas Lamprecht", "Proxmox Backup Server development discussion"
Date: Fri, 23 Feb 2024 11:52:44 +0100
Subject: Re: [pbs-devel] [PATCH proxmox 04/12] auth-api: move to hmac signing for csrf tokens

On Fri Feb 23, 2024 at 11:48 AM CET, Thomas Lamprecht wrote:
> On 23/02/2024 at 10:26, Stefan Sterz wrote:
> > the alternative is not having a fallback at all and breaking all open
> > sessions once on upgrade. but basically we should be able to remove this
> > check even between minor versions since we don't support version
> > skipping to my knowledge. sessions are only valid for two hours and
> > usually we don't release those versions *that* quickly 😉
>
> Not sure if I understood you correctly, but one can update from any
> previous minor version to the newer one, independent of how many versions
> there are in-between. Just like one can update from the latest previous
> major version to the next major version and the latest of its minor
> version.
>
> So no, this check cannot be removed between minor versions.
> E.g., if this would get rolled out for PBS 3, then PBS 4 would be the
> first version where it would be 100% fine to remove it without any
> realistic user impact. As while one could update from 3.1 to 3.4 and then
> to 4.x in a matter of two hours easily, our official upgrade how-to
> then documents that a reboot of the host and a (force) refresh of the
> web UI is required, which then makes it 100% fine.
>
> If we wouldn't require reboots and refreshes then, users could update
> ancient installations over a few major releases in a row, and we could
> basically never drop such backward-compatibility code.

ahye, sorry for that then. in that case yeah, this fallback could only be
removed with the next major version. sorry for the misinformation.