Re: [Framework-Team] Re: hard dependency on PIL?

2006-09-12 Thread Helge Tesdal
On 3:12 pm 09/12/06 Martin Aspeli <[EMAIL PROTECTED]> wrote:
> I think a dependency is probably OK, even though it would annoy me to
> have to do it for all development instances. The swinger for me is
> the recent security problems that we've had to use PIL to get around.

Is it possible to disable member portraits if PIL is not installed?


___
Framework-Team mailing list
Framework-Team@lists.plone.org
http://lists.plone.org/mailman/listinfo/framework-team


Re: [Framework-Team] Re: hard dependency on PIL?

2006-09-12 Thread Alec Mitchell

On 9/12/06, Helge Tesdal <[EMAIL PROTECTED]> wrote:

> On 3:12 pm 09/12/06 Martin Aspeli <[EMAIL PROTECTED]> wrote:
>> I think a dependency is probably OK, even though it would annoy me to
>> have to do it for all development instances. The swinger for me is
>> the recent security problems that we've had to use PIL to get around.
>
> Is it possible to disable member portraits if PIL is not installed?


It's not possible to start Plone if PIL is not installed currently
(due to the member image fix).  PIL is included in all the installers
AFAIK, and is a package in every distro I've known.  So installing PIL
is generally as easy as installing python (whether you use your distro
packages or compile from source).  It can also be as easy as doing:

easy_install -f http://www.pythonware.com/products/pil/ Imaging

If you don't want to use distro packages.  If someone can point to a
sane way to make the import conditional without reopening the spam
hole, that would be great.  But, it's not really possible AFAICT to
tell whether member portraits are going to be a problem or not at
startup time.  Perhaps we can have a config flag that when disabled
makes the image check/transform a no-op, but that doesn't seem too
helpful as it still requires monkeying with the source.  The spam issue
is too serious to allow the fix to be disabled automatically if PIL is
not present (whatever warning we show during startup will likely be
ignored).

Alec
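
The fail-closed behaviour argued for in this message, as an added example that is not part of the original thread and not Plone's code: when the imaging library cannot be imported, portrait uploads are refused instead of being stored unchecked, and start-up still succeeds. It assumes the current Pillow `PIL.Image` API; every function and exception name and the size limit are hypothetical.

```python
import importlib
import io

# Hypothetical names throughout; this is not Plone's portrait code.
class PortraitsDisabled(Exception):
    """Imaging library missing: uploads are refused, not waved through."""

class InvalidPortrait(Exception):
    """Upload could not be decoded and re-encoded as an image."""

def load_imaging(module_name="PIL.Image"):
    """Return the imaging module, or None when it is not installed."""
    try:
        return importlib.import_module(module_name)
    except ImportError:
        return None

def accept_portrait(data, imaging, max_size=(75, 100)):  # size limit is assumed
    """Return a re-encoded PNG portrait, or raise. Never returns data as-is."""
    if imaging is None:
        # Fail closed: without the library the check cannot run, so the
        # feature is off. Only uploads are refused; nothing else is blocked.
        raise PortraitsDisabled("imaging library not installed")
    try:
        img = imaging.open(io.BytesIO(data))
        img.load()                    # force a full decode, not just the header
        img = img.convert("RGB")
        img.thumbnail(max_size)
        out = io.BytesIO()
        img.save(out, format="PNG")   # store decoded pixels, not uploaded bytes
    except Exception as exc:          # any decode failure means "not an image"
        raise InvalidPortrait("upload is not a decodable image") from exc
    return out.getvalue()

def try_upload(data, imaging):
    """Map the outcome to a status string, as an upload view might."""
    try:
        accept_portrait(data, imaging)
        return "stored"
    except PortraitsDisabled:
        return "portraits-disabled"
    except InvalidPortrait:
        return "rejected"

# Constructed sample: non-image bytes submitted as a portrait.
FAKE_PORTRAIT = b"<html><a href='http://spam.example/'>not an image</a></html>"

if __name__ == "__main__":
    print(try_upload(FAKE_PORTRAIT, load_imaging()),
          try_upload(FAKE_PORTRAIT, load_imaging("no_such_imaging_lib")))
```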



Re: [Framework-Team] Re: hard dependency on PIL?

2006-09-12 Thread Wichert Akkerman
Previously Alec Mitchell wrote:
> It's not possible to start Plone if PIL is not installed currently
> (due to the member image fix).  PIL is included in all the installers
> AFAIK, and is a package in every distro I've known.  So installing PIL
> is generally as easy as installing python (whether you use your distro
> packages or compile from source).  It can also be as easy as doing:
> 
> easy_install -f http://www.pythonware.com/products/pil/ Imaging

That is actually not true: the success of that command is bound to be
highly dependent on the development packages of the various graphic
toolkits you have installed.

Wichert.

-- 
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.



Re: [Framework-Team] Re: hard dependency on PIL?

2006-09-13 Thread Alec Mitchell

On 9/13/06, Raphael Ritz <[EMAIL PROTECTED]> wrote:

> Wichert Akkerman wrote:
>> Previously Alec Mitchell wrote:
>>> It's not possible to start Plone if PIL is not installed currently
>>> (due to the member image fix).  PIL is included in all the installers
>>> AFAIK, and is a package in every distro I've known.  So installing PIL
>>> is generally as easy as installing python (whether you use your distro
>>> packages or compile from source).  It can also be as easy as doing:
>>>
>>> easy_install -f http://www.pythonware.com/products/pil/ Imaging
>>
>> That is actually not true: the success of that command is bound to be
>> highly dependent on the development packages of the various graphic
>> toolkits you have installed.
>
> That's what I meant by saying earlier that PIL isn't necessarily
> trivial to install. But anyway, I consider my original question
> answered: it wasn't introduced on purpose in the first place but
> now that a security-related issue depends on it anyway (the
> portrait checking) people are willing to accept this.


When I introduced the dependency for the portrait fix in 2.5 and 2.1
it was fully intentional.

Alec
