[Zope-dev] RFC: SecurityJihad Proposal

Michael R. Bernstein webmaven@lvcm.com
09 Aug 2001 12:13:11 -0700


Hello All,

As some of you may have noticed, I've been working on a proposal for
removing Zope's inconsistencies regarding security that currently make
writing Python products less straightforward than it should/could be.

The proposal is at:
http://dev.zope.org/Wikis/DevSite/Proposals/SecurityJihad

What the proposal covers:

 - The cruft that has accumulated

 - The problems the cruft causes

 - The workarounds that the cruft makes necessary

 - A proposal for removing the cruft, while maintaining what backwards
compatibility we can.

Note that while I think that a certain amount of backwards compatibility
can be maintained, some breakage *must* occur if the workarounds are to
be eliminated for product developers.

Declaration of Jihad:

Inconsistencies suck. Security inconsistencies are dangerous, and
encourage the creation of insecure products. The inconsistencies must
be eliminated! I declare Jihad on all security inconsistencies!

:-)

Comments welcome,

Michael Bernstein.