> Why is that? If we want to be backward compatible, that means if Jackrabbit 1.5 should 'just work' with old repository.xml files, then we need to 'make it work' if no SecurityManager is configured. That means we need to define what is the default security manager.
Once we say 'use the default SecurityManager if not configured' we might as well _not_ log a warning if it is missing. Why insist in having an explicit SecurityManager if it works without it? > -1 for having the security-manager optional. If it is not optional, we are obviously not backward compatible. > someone having an 1.4 configuration with a custom > access manager would be forced to change it anyway. I believe most users use the default settings. Regards, Thomas
