[Zope3-dev] RE: FW: Zope security policy
Garrett Smith
garrett at mojave-corp.com
Sun Mar 13 12:25:01 EST 2005
There's also a problem with errant files in package-includes. I recently
had to recreate a Zope instance because something wasn't importing.
How do Zope 2 users deal with upgrades? They must have some site
specific config files that need updating :-/
-- Garrett
Philipp von Weitershausen wrote:
> Garrett Smith wrote:
>> This change:
>>
>>
>>> - Move site-specific security policy decisions into
>>> securitypolicy.zcml -- I'll update both the file in the root as well
>>> as the file in z/a/securitypolicy.
>>
>>
>> will break existing zope instances because it depends on them
>> updating their instance securitypolicy.zcml. This would not make for
>> a very seamless upgrade.
>>
>> Do we have any mechanism for updating instance-specific conf files?
>
> I don't think we have one, but it I really like the Debian way of
> dealing with the upgrade of configuration files:
>
> a. If the file that is to be upgraded hasn't been modified since it
> was installed, just do the upgrade silently.
>
> b. If it has been modified, allow the administrator to decide whether
> he wants the file overridden or wants to apply the upgrade manually.
> In the first case the upgrade mechanism keeps a backup of the old
> modified file (FILE.debian-old or something), in the second case it
> leaves the file alone but puts the new version right next to it
> (FILE.whatever).
>
> While such a mechanism isn't particularly difficult to implement, it
> would mean that the installation script would have to know when a
> config file has been modified since its installation (or the last
> upgrade). This could be done by comparing md5sums, possibly, instead
> of whole files.
>
>> This would be as straight forward as replacing their
>> securitypolicy.zcml in etc if all it contains is the default include.
>
> This case would be equivalent to scenario a) described above.
>
> Philipp
More information about the Zope3-dev
mailing list