b) We still (with OR without this change) have the problem that the history implementation is very broken if you're using access control. It's a hard problem (the semantics of full access control across a versioned repository could be difficult to define), but the current approach basically just ignores the ACLs entirely - so anyone can read objects from their history locations (obviously, this requires _finding_ those objects, which isn't easy, but it's not too hard either). I think we really need to think about what solutions we can come up with for this problem.
Anything you can propose to get this started?
Oliver
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
