[Zope3-dev] Re: [Z3d] 78/ 3 Comment "add.pt is viewable by anonymous
despite Zope.ManageContent permission"
Steve Alexander
steve@cat-box.net
Wed, 30 Oct 2002 10:03:24 +0000
Chris Withers wrote:
> Steve Alexander wrote:
>
> > Chris Withers wrote:
> >
> >> R. David Murray wrote:
> >>
> >> >
> >> > Shouldn't the publisher be refusing to publish anything without a
> >> > security proxy, just like Zope2 refuses to publish unwrapped
> >> >objects?
> >>
> >> I sincerely hoep this is rectified soon!
> >
> >
> > Add it to the Zope3 development collector then.
>
>
> Do conecptual problems belong in the collector?
The Zope 3 development collector is for collecting and coordinating work
on development tasks, and fixes to bugs.
If you think it is a bug that the publisher does not refuse to publish
unwrapped objects, add that to the collector.
If you think there is a development task "address the risk of publishing
objects that were not security wrapped due to bugs in their factories"
then add that.
If you understand the nature of the problem, and you have a concrete
proposal for addressing it, then write a Zope 3 proposal, such as "A
configuration directive to make the publisher require all objects are
security-wrapped".
In any case, if this issue concerns you, don't just talk about it on the
mailing list where it will be lost in the aether; record it somewhere.
--
Steve Alexander