[Zope3-dev] RE: FW: Zope security policy

[Garrett Smith]

There's also a problem with errant files in package-includes. I recently
had to recreate a Zope instance because something wasn't importing.

How do Zope 2 users deal with upgrades? They must have some site
specific config files that need updating :-/

 -- Garrett

Philipp von Weitershausen wrote:
> Garrett Smith wrote:
>> This change:
>> 
>> 
>>> - Move site-specific security policy decisions into
>>> securitypolicy.zcml -- I'll update both the file in the root as well
>>> as the file in z/a/securitypolicy.
>> 
>> 
>> will break existing zope instances because it depends on them
>> updating their instance securitypolicy.zcml. This would not make for
>> a very seamless upgrade. 
>> 
>> Do we have any mechanism for updating instance-specific conf files?
> 
> I don't think we have one, but it I really like the Debian way of
> dealing with the upgrade of configuration files:
> 
> a. If the file that is to be upgraded hasn't been modified since it
> was installed, just do the upgrade silently.
> 
> b. If it has been modified, allow the administrator to decide whether
> he wants the file overridden or wants to apply the upgrade manually.
> In the first case the upgrade mechanism keeps a backup of the old
> modified file (FILE.debian-old or something), in the second case it
> leaves the file alone but puts the new version right next to it
> (FILE.whatever). 
> 
> While such a mechanism isn't particularly difficult to implement, it
> would mean that the installation script would have to know when a
> config file has been modified since its installation (or the last
> upgrade). This could be done by comparing md5sums, possibly, instead
> of whole files. 
> 
>> This would be as straight forward as replacing their
>> securitypolicy.zcml in etc if all it contains is the default include.
> 
> This case would be equivalent to scenario a) described above.
> 
> Philipp