One man's opinion:
- Version support (at the application level) should be optional in 2.7. You should be able to turn it off (maybe through ZConfig). The default should probably be off, since I think more people avoid them than use them.
I would suggest these approaches:
1: File a bug in the collector and be prepared to wait an indefinite time for it to be acted upon.
I had a bug in the collector for that in the 2.3.x times, before the db crashed, IIRC. I fear I'm bad at explaining the issue clear enough, so nobody cared.
2: develop a patch and submit it and/or check it in probably after vetting the change on a branch.
I have definately not enough knowledge to get a fix for that which is acceptable speedwise. And removing the version support is probably not what you want ;).
I'm afraid the only way to get your favorite issue fixed quickly is to fix it yourself.
This is not my favorite issue, non of my sites is really affected by this because there only trusted users are able to write to the ZODB, so they could do much more harm in simpler ways.
The security implications do not seem dire enough to me to warrent trying to squeeze this into 2.6.x. If you do not use versions then none of the implications apply.
This is the important thing that doesn't seem to get through.
These implications _do_ apply! I would be very suprised if I wouldn't be able to inject versioned objects into zope.org, collector.zope.org or squishdot.org for example.
cheers, oliver
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
