David Pratt, Tim TerlegÄrd and I had a brief conversation about the
decision to implement a new security policy in repoze.bfg based on


1) This does away with ``zope.security``, which was the de-facto
security model for Zope and one most developers are intimately
familiar with. Is it possible to support a setup where this security
model would be used instead of the new ACL-based policy?

2) The syntax for the ACL policy is quite crude in my view; it uses
tuple-notation and strings where I would've considered a scheme that
was less error-prone (on both accounts: a tuple notation is often
difficult because the ordering is so random, and strings could lead to
hard-to-catch typos).

Repoze-dev mailing list

Reply via email to