-
-
Notifications
You must be signed in to change notification settings - Fork 866
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change AWS_DEFAULT_ACL to 'private' #381
Comments
I agree, will have to go in a 2.0 release. I've been lax about breaking changes because they are usually smaller and not in widely used backends. This would not be that in any way. |
By default it shouldn't set ACL at all (boto's default behaviour), and defer to the bucket's ACL? Or as a non-breaking change, there should be an option to not explicitly set an ACL on the object. That way you could give an application's IAM role |
Just to follow up: looks like we can work around this by explicitly setting |
We will now warn about the insecure defaults with a recommendation to update. |
public-read
denied")The text was updated successfully, but these errors were encountered: