[Zope-dev] Re: Superuser ownership (was "Adding LoginManager at the root")

mindlace mindlace@imeme.net
Mon, 22 May 2000 10:23:38 -0600


Robin Becker wrote:

> What kind of idiotic permissions model is this where God cannot create
> anything? What is the function of the super user if not to manage?
> 
> Seems to be specially designed for bureaucrats, lawyers and politicians.

I feel like this specifically needed to be addressed.  This change in
the ability of superuser stems directly from a security issue common to
all through-the-web interfaces:

http://www.zope.org/Members/jim/ZopeSecurity/TrojanIssueOverview

The superuser cannot create objects, because any object that was owned
by superuser would have permission to do whatever it pleased.

Hope that's a bit more explanatory,

~ethan mindlace fremen
digicool & imeme
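
A simplified model of the ownership rule discussed in this message, added here as an illustration and not Zope's own code: it assumes that content run through the web may only do what both the viewing user and the content's owner are permitted to do. The names `User`, `Executable`, `create` and `allowed`, and the sample users and permissions, are hypothetical.

```python
from dataclasses import dataclass

ALL = frozenset({"view", "add", "delete"})  # constructed permission set

@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset
    is_superuser: bool = False

@dataclass(frozen=True)
class Executable:
    """Through-the-web content whose code runs when someone views it."""
    name: str
    owner: User
    wants: str  # permission the code tries to exercise when run

class OwnershipError(Exception):
    pass

def create(creator, name, wants, superuser_may_own=False):
    """New objects are owned by their creator; the superuser may own nothing."""
    if creator.is_superuser and not superuser_may_own:
        raise OwnershipError("superuser cannot create (and so own) objects")
    return Executable(name, creator, wants)

def allowed(viewer, exe, check_owner=True):
    """The viewer must hold the permission and, with ownership, so must the owner."""
    if exe.wants not in viewer.permissions:
        return False
    return not check_owner or exe.wants in exe.owner.permissions

def demo():
    author = User("author", frozenset({"view", "add"}))  # low-privilege account
    manager = User("manager", ALL)
    root = User("superuser", ALL, is_superuser=True)
    trojan = create(author, "innocent_page", "delete")
    # Hypothetical: what the owner check would see if the superuser could own content.
    as_root = create(root, "innocent_page", "delete", superuser_may_own=True)
    try:
        create(root, "anything", "view")
        root_blocked = False
    except OwnershipError:
        root_blocked = True
    return {"no_owner_check": allowed(manager, trojan, check_owner=False),
            "owner_check": allowed(manager, trojan),
            "superuser_owned": allowed(manager, as_root),
            "superuser_create_blocked": root_blocked}

if __name__ == "__main__":
    print(demo())
```

The owner check stops the low-privilege author's page from deleting anything when a manager views it, but it constrains nothing once the owner holds every permission, which is why the model refuses to let the superuser create objects.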