On 9/12/06, Helge Tesdal <[EMAIL PROTECTED]> wrote:
On 3:12 pm 09/12/06 Martin Aspeli <[EMAIL PROTECTED]> wrote:
> I think a dependency is probably OK, even though it would annoy me to
> have to do it for all development instances. The swinger for me is
> the recent security problems that we've had to use PIL to get around.
Is it possible to disable member portraits if PIL is not installed?
It's not possible to start Plone if PIL is not installed currently
(due to the member image fix). PIL is included in all the installers
AFAIK, and is a package in every distro I've known. So installing PIL
is generally as easy as installing python (whether you use your distro
packages or sompile from source). It can also be as easy as doing:
easy_install -f http://www.pythonware.com/products/pil/ Imaging
If you don't want to use distro packages. If someone can point to a
sane way to make the import conditional without reopening the spam
hole, that would be great. But, it's not really possible AFAICT to
tell whether member portraits are going to be a problem or not at
startup time. Perhaps we can have a config flag that when disabled
makes the image check/transform a no-op, but that doesn't seem too
helpful as it still requies monkeying with the source. The spam issue
is too serious to allow the fix to be disabled automatically if PIL is
not present (whatever warning we show during startup will likely be
ignored).
Alec
_______________________________________________
Framework-Team mailing list
Framework-Team@lists.plone.org
http://lists.plone.org/mailman/listinfo/framework-team
