On Aug 26, 2008, at 9:01 AM, Malthe Borch wrote:

> David Pratt, Tim TerlegÄrd and I had a brief conversation about the
> decision to implement a new security policy in repoze.bfg based on
> ACL.
> Worries:
> 1) This does away with ``zope.security``, which was the de-facto
> security model for Zope and one most developers are intimately
> familiar with. Is it possible to support a setup where this security
> model would be used instead of the new ACL-based policy?

I'm not certain.  zope.security is pretty complicated (IMO,  
needlessly) and I'm not personally particularly hot on roles.  But I  
don't think it's impossible.

> 2) The syntax for the ACL policy is quite crude in my view; it uses
> tuple-notation and strings where I would've considered a scheme that
> was less error-prone (on both accounts: a tuple notation is often
> difficult because the ordering is so random, and strings could lead to
> hard-to-catch typos).

I haven't added any API for setting it, as I couldn't think of a way  
that didn't involve passing the three arguments to a function, which  
turns into the same thing, although I suppose it could do error  

- C

Repoze-dev mailing list

Reply via email to