launchpad-users team mailing list archive

[Christian Robottom Reis <kiko@xxxxxxxxxxxxx>]

On Sun, Jan 18, 2009 at 11:34:20AM +0100, Martin Pitt wrote:
> Hi Leonard,
> 
> Leonard Richardson [2009-01-12 12:39 -0500]:
> > > So, is this possibly but just not obvious, or is it intended that
> > > there be no anonymous access?
> > 
> > It's intended that there be no anonymous access. The web service doesn't
> > have some common use cases of the website (eg. search engine crawlers
> > or people coming in from lists of search results) and we want to be able
> > to throttle usage for people who are doing too much expensive stuff
> > through the web service.
> 
> This is bothering me as well, and prevents me from effectively using
> launchpadlib in e. g. apport.

Hmmm. Why? Doesn't the user need an account to submit bugs anyway?

> Given that python-launchpad-bugs is much slower and puts much more
> load on the server, and that one could work around this by creating a
> bogus user on Launchpad and hardcode its username/password in the
> software, I don't think the "no anonymous user" design can be either
> effectively enforced nor makes sense.

Just two comments:

    p-l-b doesn't necessarily put more load on the server. It depends on
    what it's doing -- fetching +text is actually cheaper than pulling
    in bug data via the API.

    If a username/password was hardcoded and the software caused
    problems, we could definitely throttle or disable that user.

Having said that, I am not philosophically opposed to allowing read-only
access to anonymous users, having said that (via Launchpad.View for
instance). Leonard, is there any non-technical reason why we shouldn't
do it, or alternatively, is there a strong technical one?
-- 
Christian Robottom Reis | [+55 16] 3376 0125 | http://launchpad.net/~kiko
                        | [+55 16] 9112 6430 | http://async.com.br/~kiko