small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

Oliver Bleutgen myzope@gmx.net
Fri, 06 Jun 2003 15:54:56 +0200


Casey Duncan wrote:
> One man's opinion:
> 
> - Version support (at the application level) should be optional in 2.7. You 
> should be able to turn it off (maybe through ZConfig). The default should 
> probably be off, since I think more people avoid them than use them.
> 
> I would suggest these approaches:
> 
> 1: File a bug in the collector and be prepared to wait an indefinite time for 
> it to be acted upon.

I had a bug in the collector for that in the 2.3.x times, before the db 
crashed, IIRC. I fear I'm bad at explaining the issue clear enough, so 
nobody cared.

> 2: develop a patch and submit it and/or check it in probably after vetting the 
> change on a branch.

I have definately not enough knowledge to get a fix for that which is 
acceptable speedwise. And removing the version support is probably not 
what you want ;).

> I'm afraid the only way to get your favorite issue fixed quickly is to fix it 
> yourself.

This is not my favorite issue, non of my sites is really affected by 
this because there only trusted users are able to write to the ZODB, so 
they could do much more harm in simpler ways.

> The security implications do not seem dire enough to me to warrent trying to 
> squeeze this into 2.6.x. If you do not use versions then none of the 
> implications apply. 

This is the important thing that doesn't seem to get through.
These implications _do_ apply! I would be very suprised if I wouldn't be 
able to inject versioned objects into zope.org, collector.zope.org or 
squishdot.org for example.



cheers,
oliver