[Zope-dev] zope 2.3.0 upgrade bug: inituser trashes existing user

[Zope mailing lists]

I have not thoroughly tested this, but I have done it twice to make
sure I could reproduce the error I saw in the specific circumstances
I saw it.  I suspect the bug is generic, but don't have the time to
prove it right now.  My setup:

INSTANCE_HOME style setup.
Zpatterns installed in 2.3.0 tree
EMarket installed in the instance products folder.
RedHat Linux 5.2 (I think, how do you tell on a linux system?)
python from RPMs, zope 2.3.0 from source install (wo_pcgi).

I upgraded an existing site by simply changing my zopectl (see my product)
PYTHONHOME setting to the 2.3.0 tree, shutting down the site (which
had been running 2.2.4), and restarting.  Now, at this point I did
not understand how inituser was supposed to work, so I had copied
my old access file to be my inituser file, thinking the name had
changed but the semantics were similar.  Imagine my surprise when
the inituser file dissapeared when I started zope <grin>.

The problem is that the inituser *replaced* the single existing
user in the acl_users folder.  This must be a bug.

--RDM

PS: I also was amazed to find that having ZDebug (without Chris'
patch) in my Products folder left my site *wide* open: anonymous
could view and edit methods.  This might be worth a warning
on the web site, even though it is unlikely anyone would run
production with ZDebug installed.