[Zope-CMF] Proposed default workflow policy change

[Jonathan Corbet]

> One goal was to
> prevent random users from uploading random content that is immediately
> visible, which can be a security hazard. But this goal may be misguided
> because we're not talking about random users.  Presumably anyone who is
> a member has some degree of trust.

I, too, have to disagree - with what we have in mind, we want membership to
be relatively easy, but we need a fair amount of control over what actually
goes up on our URL.  I think the current policy works better - at least,
for us.

I had a related concern, actually.  We have to fear things like somebody
creating an account, then posting (with a script) so many pending items
that the system gets buried under them.  I've figured we'll need to make a
modified workflow that implements some sort of pending queue quota (and,
perhaps, quotas in general) to defend against this sort of thing.

jon

Jonathan Corbet
Executive editor, LWN.net
corbet@lwn.net