Comment by Groxx
3 years ago
>IMHO, the takeaway here is that API footguns should be treated as security vulnerabilities.
Yeah, especially in this case, due to changing defaults and similar-but-differently-behaving APIs.
Defaults really suck sometimes. But so does not having any. And so many things can become security issues when used just so.
:/
See, that's not what happened here. It wasn't that the API had a footgun (I'll leave out "is this API actually good"). It was that someone decided that changing core API behaviour after that library had shipped was acceptable - and it isn't.
That's why shipping a new API requires a lot of time investment in the design of the API: once an API is shipped you can't just change the behavior dramatically.