The bug: http://zope.org/Collectors/CMF/259
This effectively changes how acquisition works in restricted Python. I understand this may well be the point <wink>.
The consequences: Zope sites experiencing seemingly random Unauthorized errors. 
I have added tests to the AccessControl suite on 2.7 branch that demonstrate the new behavior. Note that all of them pass in Zope 2.7.2.
What it _appears_ to mean is that when a container denies access, the object security of the acquiree is checked. Therefore, a potential acquiree (read: _any_ object) must make sure to declareObjectProtected or it may end up not being acquirable. This is not always the case in current Zope/CMF/Plone which would explain the Unauthorized errors we see.
Tres, I am happy to discuss this further once you had a look at the tests. I also have tests for the CMF in case you want them.
 http://zope.org/Collectors/CMF/318 http://zope.org/Collectors/Zope/1654 http://zope.org/Collectors/Zope/1669 http://plone.org/collector/3682
-- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce