Previously Raphael Ritz wrote:
> For two reasons I'm not so sure:
> 
> 1. PIL isn't necessarily the most trivial package to install
>   and as of now we didn't require our users to fiddle with
>  their Python installation (except for providing an appropriate
>  version).

I suspect (but I can't prove that) that most users will want to use PIL
and they can be divided into two categories:

- people who just want Plone to work. These people should use the full
  installers, which already install PIL as far as I know. This group
  will also be hurt by image rescaling not working normally.

- Plone developers who want to work with the Plone stack directly and
  install from sources (either .tar.gz, .zip or subversion). I would
  expect this group to have enough clue to be able to install PIL as
  well.
 
> 2. I do run sites where we didn't install PIL simply because
>  we aren't specifically dealing with images on them.

That puts you firmly into the second category.

Looking at the code it should be quite simple to remove the hard PIL
dependency though. A (very quick) look at the code does suggest that
doing so might introduce a security risk: it will also remove a real
sanity-check that a member portrait is an actual image. Something which
is nicely exploited by the spam we've been seeing lately on Plone sites.

Wichert.

-- 
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

_______________________________________________
Framework-Team mailing list
Framework-Team@lists.plone.org
http://lists.plone.org/mailman/listinfo/framework-team
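
The trade-off raised in the message above, as an added example that is not part of the original post and is not Plone's code: PIL becomes an optional import, but the portrait check fails closed when it is missing instead of accepting unvalidated bytes. The function name, the format allow-list, the pixel limit and the sample upload are assumptions made for illustration; the import uses Pillow's `from PIL import Image`.

```python
import io

try:
    from PIL import Image  # optional dependency (Pillow, the maintained PIL fork)
except ImportError:
    Image = None

ALLOWED_FORMATS = {"PNG", "JPEG", "GIF"}  # assumed portrait policy
MAX_PIXELS = 2_000_000                    # assumed upper bound on width * height


def check_portrait(data, pil_image=Image):
    """Return (accepted, detail) for uploaded member-portrait bytes.

    Hypothetical helper. Without PIL there is no way to confirm the upload
    is an image, so the upload is refused rather than stored unchecked.
    """
    if pil_image is None:
        return False, "PIL unavailable: portrait uploads disabled"
    try:
        img = pil_image.open(io.BytesIO(data))  # parses the header, raises on non-images
        fmt, (width, height) = img.format, img.size
        img.verify()  # integrity check where the format supports one
    except Exception as exc:  # any parse failure means "not an image"
        return False, "not a parseable image (%s)" % type(exc).__name__
    if fmt not in ALLOWED_FORMATS:
        return False, "format %s not allowed" % fmt
    if width * height > MAX_PIXELS:
        return False, "image too large"
    return True, fmt


# Constructed sample: markup submitted in the portrait field instead of an image.
SPAM_UPLOAD = b'<html><a href="http://spam.example/">visit my site</a></html>'

if __name__ == "__main__":
    print(check_portrait(SPAM_UPLOAD))                  # rejected with or without PIL
    print(check_portrait(SPAM_UPLOAD, pil_image=None))  # the "PIL not installed" path
```

A site that never handles images can run without PIL under this arrangement; it only loses the ability to accept portraits, not the check itself.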
