From 6c1f7d325239f305b9bf6a4503165cefae1ee3d8 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Wed, 3 Mar 2010 21:06:41 -0800
Subject: Verify that an ACL to be deleted is not referenced

When deleting an ACL on the server, verify that the ACL is not
referenced by any object first.  Database referential integrity should
also catch this, but not all database backends may enforce referential
integrity.  This also allows us to return a better error message
naming an object that's still using that ACL.
---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 9800390..e66d1b3 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,12 @@
 
 wallet 0.11 (unreleased)
 
+    When deleting an ACL on the server, verify that the ACL is not
+    referenced by any object first.  Database referential integrity should
+    also catch this, but not all database backends may enforce referential
+    integrity.  This also allows us to return a better error message
+    naming an object that's still using that ACL.
+
     Fix portability to older Kerberos libraries without
     krb5_free_error_message.
 
-- 
cgit v1.2.3