-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andreas Jung wrote:
| There is zero need to relax this requirement. You only have to start | Zope as root I just explained you cannot start as root ...
| to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!!
I happen to be using zope to wrap a number of excellent Python rpm packaging scripts/modules (eg yum, mach), and as part of this process, need to do rpm package installs from the zope server which obviously requires root access.
I see no reason why I should be penalised for using the excellent workflow features of Zope in a system programming environment.
If Zope is to be useful to the widest cross community, we really MUST stop this 'we know best' attitude and allow people at the coalface to override default behaviour as only they are in a position to evaluate the appropriateness of the 'security reasons'.
How about a 'yes' response this time.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce