> Does `joinpath` have less validation?

Yes. Previously, resources.* would perform some validation on the path to ensure that it didn't contain path separators (to avoid users attempting to get resources in subdirectories or perhaps manipulating the path in other ways).

So no, they're not equivalent. If `resource_name` or "zones" ever contained path separators, the former implementation would raise an error whereas this implementation would attempt to join those characters to the path. Since "zones" is a static string, it's clearly not affected. And `resource_name` can't have posixpath.sep. If `key` had an ntpath.sep, that might behave differently, but that seemed like an edge case not worth exploring.

If it is worth exploring, I would recommend not to use normalize_path, but instead to implement the validation in zoneinfo._common. That is, wrap key in `_validate_key()` that protects against invalid paths. But in practice, it's better to do that closer to where the unsanitized data would be encountered (if at all).