Are you introducing an ability to play with additional IRIS configuration settings without restarting a container? If so, it sounds reasonable.

To address one of the security issues mentioned by Dmitry, why not hardcode a public key (or even several public keys) and disable SSH password authentication?

If I could explicitly set authentication method for various parts of our instance

Apparently you can do it for each part of your instance represented as a web application. Just look in System Management Portal (SMP): System > Security Management > Web Applications: all the /csp/sys/* stuff is nothing else but SMP's function groups starting pages.

If you have an article posted on DC and an app downloaded on OEX

Did you really mean an app uploaded to OEX?

you are absolutely correct in your guess: I've just called it from terminal :)
Another option is to put agg into the PublicList of the caller method. I still like it more than passing by reference as it looks clearer.

P.S. Correct caller was added to my sample code. THX Robert.

Just a small fix that makes the PublicList unnecessary:

ClassMethod Flatten(reference, Output flat)
    For {
        Set reference = $query(@reference)
        Set value = $listbuild(@reference)
        For i=1:1:$qlength(reference) {
            Set value = value_$listbuild($qsubscript(reference,i))
        Set flat($i(flat)) = value

The fixed method should be called in a slightly different way:

Method SomeMethod(...) [ PublicList = agg ]
  Do ..Flatten($name(agg),.summary)

Just adding 2c:

  • mapping your class to pseudo_namespace %ALL makes it available to all other namespaces except %SYS would be available to all namespaces including %SYS.

Giving a developer the opportunity to turn off an auditing event deemed important to capture kind of defeats that purpose.

Agree with you that disabling audit events is basically a bad practice. 

The frequency and the purpose of those external calls were checked, and they are OK, while it's worth considering change $zu(-100) to something else, e.g. to command pipe, whether access to pipes is not logged to Audit.

Now I've got an idea... It was not our case as it was a new instance of IRIS to create. We were just choosing the simplest way of passing databases and some other stuff (localization, Task Manager's tasks, etc) from Caché to IRIS. Installation of an old version of OS just for Caché's sake seems to be overkill, doesn't it?

@Robert Cemper

Agree with you, "in-place conversion" is not of great aid in real cases. Its pathos name sounds a bit confusing, isn't it?

During my first tries to transfer our Caché APP to IRIS I took an approach similar to yours, although I preferred not to use ECP as it was possible to avoid running both instances concurrently.

The funny thing I noticed: if one creates a database in Caché, renames it to IRIS.DAT, stops Caché, and starts IRIS, it will be mountable, but the reverse is wrong: renaming IRIS.DAT has been created in IRIS to CACHE.DAT doesn't make it compatible with Caché.

This is a first version with Frozen Plans

The first, but not the last one, so still not getting the idea of having this intermediate upgrade point.

...Cache/IRIS never runs on unsupported OS. Do you have a case with WRC on this topic?

Sorry, on which topic? Everyone knows that Cache/IRIS never runs on an unsupported OS.