[Zope-dev] Request For Comments: SecurityJihad

Michael R. Bernstein webmaven@lvcm.com
13 Aug 2001 19:47:03 -0700


On 13 Aug 2001 11:24:02 -0700, Michael R. Bernstein wrote:
> Ok, I've gotten some private feedback on the SecurityJihad proposal
> (mostly before I did the anouncement last Thursday), and incorporated
> the suggestions.

Ok, I've gotten more feedback. I was advocating too much product
breakage in my proposal, so I modified it. I don't think that breakage
can be completely avoided, but it can be restricted to products that use
the declarative security framework *and* rely on the various "magic"
behaviours.

So I'm asking the product authors on the list if that breakage is
acceptable, provided they can re-activate the "magic" by doing:

security.useMagicMethodNames("yes")
security.docstringsMakeObjectsPublishable("yes")

Products that do not use declarative security at all would not suffer
any breakage.

What do you all think?

Michael Bernstein.