[Zope3-checkins] CVS: Zope3/src/zope/fssync - README.txt:1.20

Guido van Rossum guido@python.org
Thu, 29 May 2003 17:35:48 -0400


Update of /cvs-repository/Zope3/src/zope/fssync
In directory cvs.zope.org:/tmp/cvs-serv26945

Modified Files:
	README.txt 
Log Message:
More TODO refactoring.


=== Zope3/src/zope/fssync/README.txt 1.19 => 1.20 ===
--- Zope3/src/zope/fssync/README.txt:1.19	Thu May 29 15:27:18 2003
+++ Zope3/src/zope/fssync/README.txt	Thu May 29 17:35:47 2003
@@ -94,9 +94,6 @@
   * When committing a change, shouldn't the mtime in the DC metadata
     be updated?
 
-  * Refine the adapter protocol or implementation to leverage the
-    file-system representation protocol.
-
 - In the sync application:
 
   * Implement diff using difflib.
@@ -124,6 +121,17 @@
 -----------
 
 * Work out security details.
+
+* A commit unpickles user-provided data.  Unpickling is not a safe
+  operation.  Possible solution: have an unpickler that finds globals
+  in a secure way.  Use an import on a security proxy for sys.modules.
+
+* The adapters returned by the fs registry should optionally have
+  a permission associated with them.  If you have an adapter that
+  calls removeAllProxies, the adapter should require a permission.
+
+* Refine the fssync adapter protocol or implementation to leverage the
+  file-system representation (== FTP, WebDAV) protocol.
 
 * In common case where extra data are simple values, store extra data
   in the entries file to simplify representation and updates.  Maybe