Zope-security

Latest version: v4.2.2

Page 5 of 8

3.7.1

Not secure
==================

- Fix for LP bug 181833 (from Gustavo Niemeyer). Before "visiting" a
  sub-object, a check should be made to ensure the object is still valid.
  Because garbage collection may involve loops, if you garbage collect an
  object, it is possible that the actions done on this object may modify the
  state of other objects. This may cause another round of garbage collection,
  eventually generating a segfault (see LP bug). The Py_VISIT macro does the
  necessary checks, so it is used instead of the previous code.

3.7.0

Not secure
==================

- Make ``pytz`` a soft dependency: the checker for ``pytz.UTC`` is
  created / tested only if the package is already present. Run
  ``bin/test_pytz`` to run the tests with ``pytz`` on the path.

3.6.3

Not secure
==================

- Ensure that the simple zope.schema ``VocabularyRegistry`` is used for
  ``PermissionVocabulary`` tests, because it's replaced implicitly in
  environments with ``zope.app.schema`` installed, which makes those tests
  fail.

- Fix a bug in ``DecoratedSecurityCheckerDescriptor`` which made
  security-wrapping location proxied exception instances throw
  exceptions on Python 2.5.
  See https://bugs.launchpad.net/zope3/+bug/251848

3.6.2

Not secure
==================

- Add ``zope.i18nmessageid.Message`` to non-proxied basic types. It's okay,
  because messages are immutable. Done previously by ``zope.app.security``.

- Add ``__name__`` and ``__parent__`` attributes to the list of attributes
  available by default. Done previously by ``zope.app.security``.

- Move ``PermissionsVocabulary`` and ``PermissionIdsVocabulary`` vocabularies
  to the ``zope.security.permission`` module from the ``zope.app.security``
  package.

- Add ZCML permission definitions for most common and useful permissions,
  like ``zope.View`` and ``zope.ManageContent``, as well as for the special
  ``zope.Public`` permission. They are placed in a separate
  ``permissions.zcml`` file, so it can be easily excluded/redefined. They are
  a selected part of the permissions moved from ``zope.app.security`` and
  used by many ``zope.*`` packages.

- Add ``addCheckerPublic`` helper function in ``zope.security.testing`` module
  that registers the "zope.Public" permission as an IPermission utility.

- Add security declarations for the ``zope.security.permission.Permission``
  class.

- Improve test coverage.

3.6.1

Not secure
==================

- Use ``from`` imports instead of ``zope.deferred`` to avoid circular
  import problems, thus drop dependency on ``zope.deferredimport``.

- Raise ``NoInteraction`` when ``zope.security.checkPermission`` is called
  without an interaction being active (LP 301565).

- Don't define security checkers for deprecated set types from the
  "sets" module on Python 2.6. Their use is discouraged, and the
  ``set`` and ``frozenset`` built-in types should be used instead.

- Change package's mailing list address to zope-dev at zope.org as
  zope3-dev at zope.org is now retired.

- Remove old zpkg-related files.

3.6.0

Not secure
==================

- Install decorated security checker support on ``LocationProxy`` from the
  outside.

- Add support to bootstrap on Jython.

- Move the ``protectclass`` module from ``zope.app.security`` to this
  package to reduce the number of dependencies on ``zope.app.security``.

- Move the ``<module>`` directive implementation from ``zope.app.security``
  to this package.

- Move the ``<class>`` directive implementation from ``zope.app.component``
  to this package.

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.