[Zope-dev] Heads up -- big changes on trunk

[Shane Hathaway]

This notice only applies to developers who are following the bleeding
edge of Zope, the CVS trunk.  It does not apply if you downloaded Zope
from a web site.

We're about to check in to the trunk the unified restricted code
implementation which is currently on the RestrictedPython branch.  The
documentation and rationale can be found here:

http://dev.zope.org/Wikis/DevSite/Projects/SupportPython21/RestrictedPython

We looked at using Bastion and rexec, but neither of them provide the
kind of granularity demanded by the Zope security model.  So we created
a new module, RestrictedPython, which is in fact usable outside Zope.

Although the driving goal was to support Python 2.1, this project has
given us an opportunity to work on some long-standing issues as well. 
The restrictions are clearer and finally both DTML and scripts use the
same code to implement security.

We've tried hard to make the new code work just right, including new
unit tests and a couple of optimizations.  But there is bound to be some
breakage.  Also, as the community was warned previously, the new code
requires Python 2.1.

Shane