On Mon, May 19, 2003 at 03:54:44PM -0400, Shane Hathaway wrote:
Paul Winkler wrote:
start declaring security on stuff that's traditionally relied on having no docstring?
We can't, unless we overhaul the security policy. Declarations for built-in types get ignored. This is because the security policy depends on being able to find a __roles__ attribute on the thing accessed.
ack! ok then, never mind :)
Even so, we might have to do something like this. As another option, I wonder how well it would work to refuse to publish anything that has no __roles__ attribute... or some variation on that.
given what you've just told me, that's the obvious solution.
Zope 2.6 + Python 2.1 tries to disallow access to simple attributes because of the number of things it would let you access that you couldn't before. Yes, it would be useful, but we need Zope 2.6 + Python 2.2 to act the same as Zope 2.6 + Python 2.1.
we do? I thought 2.6 + 2.2 was going to be permanently "not recommended", and 2.7 + 2.2 was going to be the future.
You're going to enjoy Zope 3. ;-)
i know, wish i had time to play with it :( -- Paul Winkler home: http://www.slinkp.com "Muppet Labs, where the future is made - today!"