I'm advocating an explicit option to disable security checks here. I'm just also advocating that the current behavior can be sensible in certain circumstances. This is the only backwards compatible way anyway.
+1
Anyway, I disagree on the general philosophical point that it is undesirable to have tool or framework support for various best practices and experience.
Well, basicalle my point boils down to "if not broken: pass".
Potentially dangeraous breakness in an extreme use case where the solution really is to avoid the use case alltoghether does not motivate a technical solution to that particular case - YMMV.
I am not sure we disagree, though I might add that I am not at all for tools that overdo the "we need to protect the developer as if they were end users" way of thinking and implements the tools like that.
Tools should be verstile and not too clever in "helping" the user (user=developer in this case) - I react instinctively to those tools like I react when MS Word tries to "Help" :-)
/dario
-- -- ------------------------------------------------------------------- Dario Lopez-KÃsten, IT Systems & Services Chalmers University of Tech.
_______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
