Hi Thomas:

In message <20191103091713.178080640.thomas@intevation.de>,
Thomas Arendsen Hein writes:
>* John Rouillard <issues@roundup-tracker.org> [20191103 02:04]:
>> If this was to work for email (and API interfaces), would you expect
>> to see the default value in an auditor or just in a detector?
>
>By default both, email/api and web interface, should behave the
>same, otherwise it would be too magical.

Fair enough. Principle of least surprise by removing an exception
condition.

>> My thought is:
>> 
>>   in web interface the user can see the default value and choose
>>     something different. So in the auditor we can see that the user
>>     chose the default value.
>> 
>>   in email or api/rest interfaces the user can't see the default
>>     so the auditor doesn't see the default value either.
>
>In some use cases (the user SHOULD do something) this might be
>valid, in others (the user MUST do something) not.

I wonder if there needs to be some mechanism that indicates the
setting was a default and not a choice by the user.

I don't think we do, but...

>If the author of an auditor script wants to relax the checks for
>e.g. email, they could use db.tx_Source to make the script behave
>differently, see "Restricting updates that arrive by email" in
>customizing.txt for the opposite use case.

Hmm, somebody was smart adding the ability to figure out the source of
a transaction 8-).

>P.S.: It is auditor vs. reactor, both are detectors :)

Yes. Always getting detectors/reactors confused.

Thanks for your feedback.