[ZODB-Dev] CHAP with ZEO
Ken Manheimer
klm@digicool.com
Mon, 21 May 2001 23:03:27 -0400 (EDT)
On 21 May 2001, Bill Anderson wrote:
> On 21 May 2001 19:29:06 -0400, Jeremy Hylton wrote:
> ...
> > As Andrew said in an earlier message, we do a disservice to the
> > community if we promote a system with a security infrastructure that
> > we know is substandard.
>
> And we do a far greater disservice if we let perfection be the enemy of
> progress.
>
> IOW, "It's less than perfect, so we shouldn't do it" is a worse policy
> than providing minimal capability. And that seems to be the policy I am
> seeing here.
The argument was not for perfection, but for avoiding inadequacy. Security
inadequate to its purpose is false security, and worse than no security at
all.
The question here should be "what is really required", not, "what's easy
to do". I personally don't have an answer to that, or even know the
priority for having determining it - maybe an assessment is due.
Ken
klm@digicool.com