Currently it is possible to republish someone else's capability via the new capabilities API; I think it makes sense to keep the old restriction.
There are a lot of scenarios (voting, gating on the existence of an NFT) that usually check whether an account owns some balance or resource by checking a public path capability. Now it will be an extra burden for developers and a small footgun with this change of behaviour.
The FLIP suggests adding a restriction to the capability API, permitting only capabilities from the same account address to be published via capabilities.publish.
Previous Discussion: https://github.com/onflow/cadence/issues/2768
Draft PR: https://github.com/onflow/cadence/pull/2782
FLIP Discussion: https://github.com/onflow/flips/pull/197