launchpad-dev team mailing list archive

Re: warning: we will soon have much noise in the test results...

 

On Monday 26 July 2010 11:15:01 Jonathan Lange wrote:
> In Launchpad, we have deliberately registered special ZCML handlers to
> make sure that our utilities are wrapped in security proxies (the
> "securedutility" directive). Thus, getUtility(IFooSet) returns a
> security-proxied IFooSet provider. Methods called on that IFooSet
> provider also return security-proxied objects.

I've seen a proliferation recently of people writing code like:

class FlangeGrobbler:
    @classmethod
    def new(cls, ...)

which completely bypasses the security adapter when returning new objects.

I think this should stop and the code be converted to IFlangeGrobblerSet.new() 
style, or at the very least audited for security concerns.
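
The difference between the two styles discussed in this message, as an added example that is not part of the original post and is not Launchpad code. It uses a simplified stand-in for zope.security proxies; `SecurityProxy`, `wrap`, `get_utility`, `ALLOWED` and the `owner_secret` attribute are hypothetical names.

```python
# Simplified model of security proxies (an assumption, not zope.security itself).
class Forbidden(Exception):
    pass

class SecurityProxy:
    """Exposes only the attribute names declared for the wrapped object's class."""
    def __init__(self, obj, allowed):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_allowed", allowed)

    def __getattr__(self, name):
        obj = object.__getattribute__(self, "_obj")
        allowed = object.__getattribute__(self, "_allowed")
        if name not in allowed.get(type(obj), ()):
            raise Forbidden(name)
        value = getattr(obj, name)
        if callable(value):  # results of method calls are proxied as well
            return lambda *a, **kw: wrap(value(*a, **kw), allowed)
        return wrap(value, allowed)

    def __setattr__(self, name, value):
        raise Forbidden(name)

def wrap(value, allowed):
    # Objects with declared permissions get a proxy; plain values pass through.
    return SecurityProxy(value, allowed) if type(value) in allowed else value

class FlangeGrobbler:
    def __init__(self, name):
        self.name = name
        self.owner_secret = "constructed-sample-value"

    @classmethod
    def new(cls, name):  # classmethod constructor: caller gets the bare object
        return cls(name)

class FlangeGrobblerSet:
    def new(self, name):  # IFlangeGrobblerSet.new() style
        return FlangeGrobbler(name)

ALLOWED = {FlangeGrobblerSet: {"new"}, FlangeGrobbler: {"name"}}
UTILITIES = {"IFlangeGrobblerSet": FlangeGrobblerSet()}

def get_utility(iface):  # models getUtility() with a secured utility
    return wrap(UTILITIES[iface], ALLOWED)

def is_proxied(obj):
    return type(obj) is SecurityProxy

def can_read(obj, name):
    try:
        getattr(obj, name)
        return True
    except Forbidden:
        return False
```

An object created through `get_utility("IFlangeGrobblerSet").new(...)` comes back proxied and refuses undeclared attributes, while `FlangeGrobbler.new(...)` hands back the bare object, so a check like `is_proxied` is a quick way to audit call sites.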



