On 03/21/2017 11:14 PM, Willy Tarreau wrote:
Hi Fred!
Hello Willy,
On Tue, Mar 21, 2017 at 07:54:30PM +0100, Frederic Lecaille wrote:
Hello HAProxy ML,
I am starting this new thread to publish a serie of patches to make
all "server" settings be supported on "default-server" lines.
This is a preliminary work for "server templates" feature.
New boolean settings have been added to disable others. Most of them
have "no-" as prefix.
(...)
Wow I didn't realize you had already done all this! That's really cool!
Here is an exhaustive list:
(...)
"sslv2" disables "no-sslv3",
"ssl-reuse" disables "no-ssl-reuse",
"stick" disables "non-stick",
"tlsv10" disables "no-tlsv10",
"tlsv11" disables "no-tlsv11",
"tlsv12" disables "no-tlsv12",
"tls-tickets" disables "no-tls-tickets".
Hmmm I hadn't thought about these ones, I suspect they'll cause more
confusion than anything else, especially given that the "tlsv11" above
cancelling "no-tlsv11" is not the same as "force-tlsv11". We need to
discuss this with Emeric, he's already scratching his head around these
ones without these double negations, he will hate us now :-)
Yes I agree. I should have asked about this before posting. But from my
point of view this is only a naming issue which may easily fixed.
Why no adding synonyms prefixed by "disallow-" for the existing
"no(n)-*" options, and rename my silly new options to "allow-*"?
Or with "forbid(permit)-*" prefix (suffix)?
Anything else?
"no-force-*" is not very English, even for me ;)
Could be replaced by "do-not-force-*" but it's quite long.