The ACL engine is on its way and proceeds quite fast.
I’m writing a lot of unit tests for the code that decides whether or not an action is allowed, because a security breach won’t be easy to spot in a running system. However, I found myself laying out a test for the case in which a user or group has a grant for the root namespace (say, she can edit pages), and no other information is available for a sub-namespace. If namespaces were folders, the permission would be inherited and the user would be allowed to edit pages in the sub-namespace, but namespaces are designed to be more like sub-wikis rather than simple collections of pages. I think they are not semantically nested one into another.
The question is: should permissions be inherited in sub-namespaces from the root namespace? I think they should not, but I’m asking your opinion. The differences in the code are just a few lines, so that is not a problem for once.
Update. After thinking about this problem a little more, and also reading Will’s comment, I think the best option is to inherit permissions from the root namespace. This way ACLs are really an opt-in feature, and administrators don’t have to worry about them if they find the default settings satisfying. Thoughts?