-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas Jung wrote:

| There is zero need to relax this requirement. You only have to start
| Zope as root
I just explained you cannot start as root ...

| to get port 80 but it is in general not a good idea for *any* service to
| run
| as root for security reasons. So there is absolutely no reason to *not*
| changing
| the the uid of the process to a user with less permissions.
Says you!!

I happen to be using zope to wrap a number of excellent Python rpm
packaging scripts/modules (eg yum, mach), and as part of this process,
need to do rpm package installs from the zope server which obviously
requires root access.

I see no reason why I should be penalised for using the excellent
workflow features of Zope in a system programming environment.

If Zope is to be useful to the widest cross community, we really MUST
stop this 'we know best' attitude and allow people at the coalface to
override default behaviour as only they are in a position to evaluate
the appropriateness of the 'security reasons'.

How about a 'yes' response this time.

Alan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFB7fiFCfroLk4EZpkRAoDZAJ40UveUjpBGyN0/1VnUmZUQz0GctgCfa+R1
tvE2RP5DNwa2IlEmMmX2l0g=
=JNQg
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to