Hi Andrew, Thanks for the nice KIP, This KIP design for introducing dead-letter queues (DLQs) for Share Groups is generally clear and reasonable, addressing the key pain points of handling "poison message".
D01: Should we consider implementing independent ACL configurations for DLQs? This would enable separate management of DLQ topic read/write permissions from source topics, preventing privilege escalation attacks via "poison message" + DLQ mechanisms. D02: While disabling automatic DLQ topic creation is justifiable for security, it creates operational overhead in automated deployments. Can we introduce a configuration parameter auto.create.dlq.topics.enable to govern this behavior? D03: How should we handle failure scenarios when brokers attempt to write records to the DLQ? ---- Replied Message ---- | From | Andrew Schofield<andrew_schofield_j...@outlook.com> | | Date | 07/08/2025 17:54 | | To | dev@kafka.apache.org<dev@kafka.apache.org> | | Subject | [DISCUSS]: KIP-1191: Dead-letter queues for share groups | Hi, I'd like to start discussion on KIP-1191 which adds dead-letter queue support for share groups. Records which cannot be processed by consumers in a share group can be automatically copied onto another topic for a closer look. KIP: https://cwiki.apache.org/confluence/display/KAFKA/KIP-1191%3A+Dead-letter+queues+for+share+groups Thanks, Andrew
