David Pratt, Tim Terlegård and I had a brief conversation about the decision to implement a new security policy in repoze.bfg based on ACL.
Worries: 1) This does away with ``zope.security``, which was the de-facto security model for Zope and one most developers are intimately familiar with. Is it possible to support a setup where this security model would be used instead of the new ACL-based policy? 2) The syntax for the ACL policy is quite crude in my view; it uses tuple-notation and strings where I would've considered a scheme that was less error-prone (on both accounts: a tuple notation is often difficult because the ordering is so random, and strings could lead to hard-to-catch typos). \malthe _______________________________________________ Repoze-dev mailing list Repozeemail@example.com http://lists.repoze.org/listinfo/repoze-dev