On Dec 2, 2005, at 9:49 AM, Paul Winkler wrote:
You know, some days I wonder why it is that Zope is the only framework around that needs to distinguish between "trusted" and "untrusted" code. Nobody else seems to be looking at us with envy in this regard. Historically I know it was because there was the idea that not-fully-trustworthy people might be able to join your site and then add DTML to it, and you don't want such people allowed to execute arbitrary code ... like the old zope.org site. But does anybody anywhere actually run a site like that nowadays? It's kind of a bizarre idea.
Not really, and that's why Zope 3 has avoided "through the web" code so far. I hope this avoidance continues at least in "the core", whatever that is, but I see rumblings every so often about why this is a can't-live-without thing (with which I strongly disagree). - C