On May 8, 2012, at 4:36 PM, David Glick wrote: > On 5/8/12 3:34 PM, Dylan Jay wrote: >> Hi, >> >> I noticed https://dev.plone.org/ticket/10959 has now been dropped from >> your list. It's implemented but I need to know if its worth the effort >> in finishing the last remaining test failures. I've asked advice on if >> the FWT wants the implementation or not (see last comment 9 days ago). >> Is this the advice? >> BTW This PLIP has been open almost 2 years. I'd like see some kind of >> resolution to password validation in plone. >> >> > Hey Dylan. I'm sorry we've been dropping the ball on your PLIP since Ross > stepped down from being its champion. (In the case of today's meeting, we > accidentally overlooked a section of our spreadsheet which included this > PLIP.) > > I just familiarized myself with the code, past reviews and conversation, and > my personal feeling is that this is a good change and while there are > reasonable concerns raised in the reviews, we shouldn't let the perfect be > the enemy of the good. > > To touch on some of the specific items that were outstanding in the reviews: > * Yiorgis raised the issue of the initial generated password not necessarily > being compliant with the validation, but you pointed out that this is not a > problem because the user never sees the initial password. That makes sense to > me, so I think this concern is resolved. > * Yiorgis and Ross both raised concerns about whether the PAS API should be > extended (to support limits on password age, say, or to support providing > more specific help text for the password field on a registration form). I > agree these are ideas worth considering, but they are outside the scope of > this PLIP (which is just a tiny change in Plone to make use of the existing > PAS API), orthogonal to it, and should not be blockers. > * Ross said he hadn't tested to make sure the validation is applied during > the password reset process. Can you or someone else please verify that this > works? > * Ross mentioned a test failure in CMFPlone (testGeneratePassword). This > looks trivial to fix if it hasn't been already so we can handle it during > merge. > * Vincent brought up an i18n concern at > https://github.com/plone/plone.app.users/pull/2/files#L1R250 which looks > valid to me. Can you fix that? > * I think you still need to add an upgrade step to plone.app.upgrade to > install the plugin for upgraded sites. >
For me, the test case and upgrade steps should definitely be handled. I'm more concerned about the documentation as a test case than anything (I can't find it anymore actually...). I *think* this should be in the community dev manual. Liz > Any opinions from the rest of you FWT folks? This seems like too much of an > easy win to me to let it drag out longer. > David > > > ---------- > David Glick > Web Developer > davidgl...@groundwire.org > 206.286.1235x32 > > Are you engaging? Find out! Use our free engagement benchmarking tool. > > http://groundwire.org/labs/engagement-strategy/diy-benchmarking-survey > > > _______________________________________________ > Framework-Team mailing list > framework-t...@lists.plone.org > https://lists.plone.org/mailman/listinfo/plone-framework-team _______________________________________________ Framework-Team mailing list framework-t...@lists.plone.org https://lists.plone.org/mailman/listinfo/plone-framework-team