On Thu, 2026-06-18 at 16:21 -0700, Jeff Davis wrote:
> IIUC, we cannot have false positives (tracking ACL checks that
> wouldn't
> have caused an abort) nor can we have false negatives (missing an ACL
> check that could cause an abort).
Idea: what if we check for changes in ACLs on the object, rather than
whether it passes the check or not?
Then, if track an ACL check that wouldn't actually cause a failure,
then it still might be acceptable to throw an error if the ACL changes.
Still some details to sort out, so this is just an idea.
Regards,
Jeff Davis
