I made a few attempts at sending this reply, but failed (mmbase.org problems?) Sorry if people get this X times...
> 1) This setting was there since: 2002/03/18 And I have protested against that ever since - not that anyone listened. > 2) This change was made at that point by the security project (correct > or not correct, imho that doesnt matter) The decision was not clear imo - and since this changes the default config (i.e. how mmabase works), it is not a project decision imo. Whether it is correct DOES matter, IMO. > 3) Changing something in cvs since in you dont like it, is not the > correct way. Please notifiy everyone by putting it on the developers > list. As I wrote, I was under the impression that this change was temporary - the security project is finished, IIRC, so I changed it back. Anyway, as there was no vote, the change was not valid, and therefor could be rolled back. > 4) If we want to change it to another implementation, it is possible, > but there should try to start discussion on developers list FIRST(or > post a hack, etc...) Which should be started by the project - not by me. My view is that: a) security systems shouldn't change every release b) the cloud security is, imo, not really finished - it seems a rather weak and slow system, though I may be mistaken of how it works. I foresee that people will not be pleased with it and we will have to replace it _again_. Which is why I don't want to replace the system _now_. c) I don't want a system that installs builders I have difficulty getting rid off when I don't want to use it, rather than placing an xml file I can delete with no problems. d) If the one problem is to tell a user where to change the admin password, I think that - again - we are lacking documentation, NOT a properly working security system. -- Pierre van Rooden Mediapark, C 107 tel. +31 (0)35 6772815 "So long, and thanks for all the fish"
