[Zope3-checkins] CVS: Zope3/src/zope/fssync - README.txt:1.20
Guido van Rossum
guido@python.org
Thu, 29 May 2003 17:35:48 -0400
Update of /cvs-repository/Zope3/src/zope/fssync
In directory cvs.zope.org:/tmp/cvs-serv26945
Modified Files:
README.txt
Log Message:
More TODO refactoring.
=== Zope3/src/zope/fssync/README.txt 1.19 => 1.20 ===
--- Zope3/src/zope/fssync/README.txt:1.19 Thu May 29 15:27:18 2003
+++ Zope3/src/zope/fssync/README.txt Thu May 29 17:35:47 2003
@@ -94,9 +94,6 @@
* When committing a change, shouldn't the mtime in the DC metadata
be updated?
- * Refine the adapter protocol or implementation to leverage the
- file-system representation protocol.
-
- In the sync application:
* Implement diff using difflib.
@@ -124,6 +121,17 @@
-----------
* Work out security details.
+
+* A commit unpickles user-provided data. Unpickling is not a safe
+ operation. Possible solution: have an unpickler that finds globals
+ in a secure way. Use an import on a security proxy for sys.modules.
+
+* The adapters returned by the fs registry should optionally have
+ a permission associated with them. If you have an adapter that
+ calls removeAllProxies, the adapter should require a permission.
+
+* Refine the fssync adapter protocol or implementation to leverage the
+ file-system representation (== FTP, WebDAV) protocol.
* In common case where extra data are simple values, store extra data
in the entries file to simplify representation and updates. Maybe