[Zope-Coders] new zLOG

[Guido van Rossum]

> On Tuesday 26 November 2002 1:41 pm, Guido van Rossum wrote:
> 
> > I propose that there be some interface where Zope (or any setuid
> > program) can call e.g. zLOG.initialize_later() immediately after
> > importing zLOG, and if this hasn't been called by the time LOG() is
> > called for the first time, the first LOG() call calls initialize().

[Toby Dickenson]
> I dispute the need for this interface.

OK, so then you believe that simply calling initialize() from the first
LOG() call is sufficient?  That's fine with me too.

> It should be easy to find potential calls to LOG before such a
> program drops root. If so, it should also be easy to disable those
> calls in the application, rather than at ZLOG level.
> 
> If it is not easy to find out exactly what your program does before
> dropping root privelidges then you already have bigger problems.
> 
> > This new interface could be called from z2.py.
> 
> That would solve a 'problem' that only exists due to the stupidity
> of the stupid log file. However it would be a disservice to all
> other sensible forms of logging such as syslog (Ive not looked at
> the new logging package, I hope it has some other choices).

I don't disagree.  I was just throwing Chris a bone, since he cares
much about this issue.  I also note that calling initialize() from the
first LOG() call requires having a global variable whose value
indicates whether this is the first LOG() call; all my proposed
interface would add is a defined API to set this variable to pretend
the first LOG() call has already happened. :-)

> (Yes, I agree the stupid log file is sometimes useful, and you dont
> always care about its insecurity. I assert that you wont be starting
> Zope as root in all such cases)

Indeed.

--Guido van Rossum (home page: http://www.python.org/~guido/)