DEV: Remove backend diagnostics #289
Conversation
|
@benlangfeld How do you feel about dropping the diagnostics completely? That never really grew out into a full-fledged feature and seems to be unused by the vast majority of users. Its code was also untouched since #194. (three years ago 😃) In the future, if there's any interest in better diagnostics interface, it could be created from the ground up as a separate gem/package. |
|
What was the motivation for this? Was it causing any problem? Indeed, I never did get time to work on it more. At the time I was under a bunch of pressure to improve message delivery latency and delivery rate, which were very poor in our deployment. We made a few simple obvious tweaks which made some improvement, but didn't get to what was proposed as acceptable, then the pressure dried up and several other things became an emergency. I agree, usage seems very sporadic. Important metrics are not exposed (see #248, #243) and the diagnostics UI was mostly useless (see #186), but it seems a shame to give up on it. |
|
Ah, now I see GHSA-xmgj-5fh3-xjmm, I believe that is the motivation for this, correct? |
|
@benlangfeld Yes, that security issue was the initial motivation for dropping the diagnostics. It also wasn't being used enough (or at all) to justify keeping around this old code. And the ability to terminate server processes in production, even when correctly limited to just admins, was considered dangerous. As I noted in the previous comment, it would be best to implement any future diagnostic tooling for message_bus as a separate, optional package. |
No description provided.