[Zope-dev] Re: Was: Re: 2.7.3 beta attribute permission problems
Stefan H. Holek
stefan at epy.co.at
Sat Oct 23 08:29:12 EDT 2004
Hi Tres!
On 22.10.2004, at 14:38, Tres Seaver wrote:
> Given that the change was required to implement a security fix, and
> without a reproducible test case for the reported breakage, I don't
> think we can credit the rumors. We *definitely* don't want to defer
> the security fix.
I still don't know what the security fix actually fixes, but that may
well be my ignorance ;-). Your checkin message just mentions the
removal of DWIMy code...
There is a test in CMFDefault of CMF-1_4-branch that works in 2.7.2 but
breaks in 2_7-branch, btw. I had no luck reproducing anything like it
with plain Zope yet, unfortunately. Let me reiterate that many a Plone
site will likely break with 2.7.3, something I am not exactly looking
forward to.
A clear description of the issue would certainly help, so people can at
least scan their sources for the "things that worked fine but no longer
do". E.g. consistently using getToolByName instead of relying on
acquisition appears to go a long way. There are pathological cases
though, like when restrictedTraverse fails due to the new access
control.
Thanks,
Stefan
--
The time has come to start talking about whether the emperor is as well
dressed as we are supposed to think he is. /Pete McBreen/
More information about the Zope-Dev
mailing list