Re: [Zope] Forum

2011-01-06 Thread Ricardo Newbery 


Not sure about "integration" but GroupServer is built on Zope.

http://groupserver.org/

Cheers,
Ric



On Jan 6, 2011, at 6:09 AM, Richard Harley wrote:

> Hello all
> 
> Are there any current forums which integrate into Zope nicely? I have 
> tried Zforum and Squishdot in the past but I don't think either of these 
> two have been updated in quite a while?
> 
> Thanks
> Rich
> ___
> Zope maillist  -  Zope@zope.org
> https://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )
> 

___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] apache rules with zope

2009-09-04 Thread Ricardo Newbery 


> - Original Message -
> From: "Thomas Bennett" 
>
>
>> I'm trying to serve the files on the underlying directories straight
>> through
>> apache with no zope interaction.
>>
>> My main site has all content on zope.  I now have content also on the
>> filesystem I want to server without leaving the site.  From
>> http://wiki.zope.org/zope2/ZopeAndApache I found I could supposedly  
>> use a
>> rewrite condition to do such. So usiing the rewrite condition:
>>
>> RewriteCond %{REQUEST_URI} !^/(usage|zusage|ead2002|asu_ead)
>>
>> I thought would work.  I have found why the usage and zusage  
>> directories
>> work,
>> there is a usage and zusage directory on the zope system so it  
>> hasn't been
>> using the file system at all for any of them.
>>
>> Below is the excerpt from wiki.zope.org that explains how to do this,
>> which
>> doesn't work for me.
>>
>> "A lot of site content is in Zope, some parts are served directly by
>> apache
>>
>> For this, we use the RewriteRule? where everything is inside Zope,  
>> but
>> slap a
>> RewriteCond? in front of it:
>> RewriteCond %{REQUEST_URI} !^/(stats|manual|static_images)
>> RewriteRule ^(.*) \
>> http://127.0.0.1:8080/VirtualHostBase/\
>> http/%{SERVER_NAME}:80/www_example_com/VirtualHostRoot$1 [L,P]
>



Perhaps RewriteCond doesn't support the alternation syntax in the  
conditional pattern.  Not sure as I never use RewriteCond.  Most cases  
are easier written with just RewriteRules alone, like so:

RewriteRule ^/(stats|manual|static_images) - [L]
RewriteRule ^(.*) \
http://127.0.0.1:8080/VirtualHostBase/\
http/%{SERVER_NAME}:80/www_example_com/VirtualHostRoot$1 [P]

Ric





___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-24 Thread Ricardo Newbery 
Ryan,

Thanks for the quick work on resolving this.  :-)

Ric



On Jul 24, 2009, at 10:15 AM,  wrote:

> Ok, the final analysis is as follows:
>
> We had an incorrect version regex that matched 2.10 the same as  
> 2.1.  This issue seems to only affect zope version 2.0 through  
> 2.5.01.  This lead to the vulnerability showing up with recent  
> versions of zope being scanned.
>
> We are fixing both the regex and the suggested fix.  The new  
> suggested fix will be to update to the appropriate version of zope  
> (in this case, post 2.5.01), not to replace it with something else.   
> This fix should be updated within the next week or so.
>
> If you have any further questions pertaining to McAfee (or  
> Foundstone) security reports, please feel free to contact me  
> directly, or via secur...@mcafee.com.  I am not a full time member  
> of this list, so I may not see any replies or questions made only to  
> the list.
>
>
> -Original Message-
> From: Permeh, Ryan
> Sent: Friday, July 24, 2009 9:53 AM
> To: li...@zopyx.com
> Cc: zope@zope.org
> Subject: RE: [Zope] HTTP Request Denial of Service Vulnerability
>
> It is not related the specified hotfix.  I'm getting details now,  
> but this is how it seems:
> 1. this is from the Foundstone product, not a public advisory.  The  
> Foundstone product is a vulnerability scanner, and it seems that it  
> feels that the original poster's site is vulnerable to the stated  
> issue.
> 2. The vulnerability check was written and published in 2002.
> 3. I am looking into details regarding both what the details of this  
> issue originally were, and what we look for to trigger it's existence.
>
> This leads to a couple observations.
>
> 1.  This is likely a false positive, unless the original poster was  
> running ridiculously old software.
> 2. We will fix the check logic or remove the check entirely.  Checks  
> this old rarely add much value to the product
> 3. In any case, if the check stays, we will update the text.  I'm  
> not sure who wrote the original text in 2002, but it obviously  
> doesn't apply now.
>
>
> -Original Message-
> From: Andreas Jung [mailto:li...@zopyx.com]
> Sent: Friday, July 24, 2009 9:43 AM
> To: Permeh, Ryan
> Cc: zope@zope.org
> Subject: Re: [Zope] HTTP Request Denial of Service Vulnerability
>
> Hi,
>
>
>
>
> On 24.07.09 18:24, ryan_per...@mcafee.com wrote:
>> I manage product security at McAfee, of which Foundstone is a  
>> part.  I am not aware of releasing such an advisory, and am looking  
>> into this.  Could we get details regarding where this was found?   
>> Was this posted to a web site?  A security mailing list?  And when  
>> was it posted?  This may have a very different meaning if it was  
>> published in 2001 or something like that.  Alternately, Foundstone  
>> produces a vulnerability management software, was this in a report  
>> generated by that product?
>>
>>
> I have no idea what you are talking about.
>
> We had this strange mail thread this week:
>
> http://mail.zope.org/pipermail/zope/2009-July/175308.html
>
> related to this hotfix
>
> http://www.zope.org/Products/Zope/Hotfix-2008-08-12
>
> Now how is this related to " HTTP Request Denial of Service  
> Vulnerability" ???
>
> I can not find anything related to the subject within the list of  
> our hotfixes (which is pretty small since 2000):
>
> ___
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-21 Thread Ricardo Newbery 

On Jul 19, 2009, at 11:04 PM, TsungWei Hu wrote:

> The observation and recommendation is specifically generated by  
> Foundstone Labs' software.
> It's my fault to suggest that might be related to Hotfix-2008-08-12.
> From my side, I will try to stop improper information from  
> Foundstone lab.
>
> Thanks, marr


Which Foundstone software/service generated this bogus advisory?   
Details please.

Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Ricardo Newbery 

It might be premature to blame this on Foundstone.  I can't seem to  
find this security advisory online at all.  No advisory id was  
included nor any reference at all and the recommendation doesn't look  
at all like what usually comes from a legit advisory.  I smeil a fake.

Ric



On Jul 19, 2009, at 7:55 PM, Chris McDonough wrote:

> I just sent the below via http://www.foundstone.com/us/contact-form.aspx 
>  .  I'd
> suggest that others do the same; this company is totally wrong about  
> this
> conclusion...
>
> You recently issued a security warning to the effect:
>
> """
> = Name =
>
> Zope HTTP Request Denial of Service Vulnerability
>
> = Description =
>
> A vulnerability in Zope may allow a remote attacker to manually  
> shutdown the system.
>
> = Observation =
>
> The Zope Web Content Management system has been identified with a  
> critical
> denial of service vulnerability. A malicious attacker could manually  
> shutdown
> the target system remotely via a custom web HTTP field request. This
> vulnerability is especially dangerous as the "kill" packet can be  
> completely
> forged thereby increasing the difficulty when tracking would be  
> intruders and
> attackers.
>
> = Recommendation =
>
> Although the Zope development environment is one of the largest and  
> most widely
> supported open source web content management solutions, it has been  
> plagued with
> exploitable vulnerabilities. Due to the nature of the software and  
> shear number
> of vulnerabilities, Foundstone Labs recommends you consider  
> utilizing a
> different content management solution and at a minimum upgrade your  
> software.
> Zope updates can be freely downloaded from www.zope.org
> """
>
> Your conclusion here is wrong.  This particular "vulnerability" is  
> for Zope
> installations who offer the ability for *untrusted users* to add  
> code through
> the web.  This is not the default setup; a user needs to explicitly  
> enable such
> a setup. The conclusion is akin to saying that people should not use  
> Zope
> because they might do something bad to Zope if they have access to the
> administrative interface.  This is the case with *any* application  
> server or
> content management system.
>
> I'd suggest getting a little more knowledge about your material  
> before scaring
> folks.  The Zope folks do full-disclosure of all vulnerabilities;  
> it's up to you
> to discern the "scary" ones from the "ho hum" ones. This is  
> definitely a ho-hum
> one, and in no way deserves this conclusion.
>
> On 7/19/09 10:42 PM, Chris McDonough wrote:
>> I have no idea who "Foundstone Labs" is, nor if the denial of service
>> vulnerability they're talking about is indeed the one fixed by
>> http://www.zope.org/advisories/advisory-2008-08-12/ but:
>>
>> a) if it is, if you read it closely, you'll note that it's for Zope  
>> instances
>> where untrusted users have unrestricted access to the ZMI and the  
>> ability to add
>> Python Scripts.  Do you have such a setup?
>>
>> b) Zope has historically been *very* secure; this company is utterly,
>> completely, and hopelessly clueless (nor can they spell "sheer").   
>> If you want
>> *real* security horror, I'd suggest taking their advice and  
>> "upgrading" to any
>> PHP based solution. ;-)
>>
>> - C
>>
>>
>> On 7/19/09 10:06 PM, TsungWei Hu wrote:
>>> I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a
>>> security notice as follows. Is it sufficient to fix this just  
>>> installing
>>> http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ? Thanks, /marr/
>>>
>>> = Name =
>>>
>>> Zope HTTP Request Denial of Service Vulnerability
>>>
>>> = Description =
>>>
>>> A vulnerability in Zope may allow a remote attacker to manually  
>>> shutdown
>>> the system.
>>>
>>> = Observation =
>>>
>>> The Zope Web Content Management system has been identified with a
>>> critical denial of service vulnerability. A malicious attacker could
>>> manually shutdown the target system remotely via a custom web HTTP  
>>> field
>>> request. This vulnerability is especially dangerous as the "kill"  
>>> packet
>>> can be completely forged thereby increasing the difficulty when  
>>> tracking
>>> would be intruders and attackers.
>>>
>>> = Recommendation =
>>>
>>> Although the Zope development environment is one of the largest  
>>> and most
>>> widely supported open source web content management solutions, it  
>>> has
>>> been plagued with exploitable vulnerabilities. Due to the nature  
>>> of the
>>> software and shear number of vulnerabilities, Foundstone Labs  
>>> recommends
>>> you consider utilizing a different content management solution and  
>>> at a
>>> minimum upgrade your software. Zope updates can be freely downloaded
>>> from www.zope.org
>>>
>>>
>>> 
>>>
>>> ___
>>> Zope maillist  -  Zope@zope.org
>>> http://mail.zope.org/mailma

Re: [Zope] Mod_Rewrite port 8080

2009-04-06 Thread Ricardo Newbery 

On Apr 6, 2009, at 10:01 AM, Bobby wrote:

>
> Hi,
>
> I want to use mod_rewrite on Apache to redirect http://internal:80/internal 
>  to http://internal:8080/internal so that when the user request 
> http://internal:80/internal 
> , the Zope folder foo will be served up. I still want http://internal:80/ 
>  to stay intact so that the contents from port 80 will still be  
> served; just the http://internal:80/internal to point to the Zope  
> folder http://internal:8080/internal. Hope that makes sense. Could  
> someone help me out with the syntax?  Tried the syntax below but not  
> getting desired results. Thanks!
>
> 
> ServerName internal
> RewriteEngine On
> RewriteRule ^/(.*) 
> http://internal:8080/VirtualHostBase/http/internal:80/internal/VirtualHostRoot/$1
>  
>  [L,P]
> 



http://www.google.com/search?q="Virtual+Host+Monster"+"Inside+Out";

> RewriteRule ^internal/(.*) 
> http://internal:8080/VirtualHostBase/http/internal:80/internal/VirtualHostRoot/_vh_internal/$1
>  
>  [P]



Ric



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] How do I migrate CacheFu

2008-04-16 Thread Ricardo Newbery 


On Apr 16, 2008, at 6:59 PM, Manuel Vazquez Acosta wrote:


Hi all,

I'm moving a Plone site from one server to another. At the same time I
have upgraded Plone 2.5 to 2.5.5.

I have managed to move all contents without major problems.

Now I'm dealing with CacheFu. It refuses to enabled. I digged into the
code and notice this:

265 if installed_version != __version__:
266  	# CacheSetup hasn't migrated yet so let's disable  
it.

267 field = self.getField('enabled')
268 if field is None:
269 self._updateSchema()
270 elif field.get(self) == True:
271 field.set(self, False)
272 if getToolByName(self, config.PAGE_CACHE_MANAGER_ID,
None) is not None:
273  ->  enableCacheFu(self, False)
274 
(Pdb) installed_version != __version__
True
(Pdb)


So it seems I have not properly migrated CacheFu. How do I do that?

Best regards,
Manuel.



You are on the wrong list.  Try the plone-users list instead.

Ric




___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] merging zodb's

2008-04-01 Thread Ricardo Newbery 


On Apr 1, 2008, at 3:29 PM, David Bear wrote:

I have a zodb from a dead zope instance that I wanted to merge in to  
another
running zope. I thought I could use a mount point to do this and  
just specify

the old zodb for the storage in my mount point.

alas, this did not work as expect. After making the modification in my
zope.conf like this:


   # ssw file store
   
 path $INSTANCE/var/srvx-Data.fs
   
   mount-point /support


And then restarting zope and adding the mount point -- I see nothing
underneath it.

So, I assume this is NOT a valid way to merge to zodb's together?

Does anyone have an suggestions on a way I might combine 2 zodb's?



This is not well documented but I believe you can only mount a subitem  
from the database, not the root of the database.  So rename the mount  
point to the name of the subitem you want to mount and I think it  
should work.


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: Zeo and conflict resolution (was "suddenly confused")

2008-01-30 Thread Ricardo Newbery 


On Jan 30, 2008, at 1:39 PM, Chris McDonough wrote:


Ricardo Newbery wrote:

On Jan 30, 2008, at 12:59 PM, Tres Seaver wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ricardo Newbery wrote:

Has anyone given thought to maybe providing a more general class  
with
conflict resolution in the core distribution?  The Length class  
works

for simple counters and I guess it can also be used for just simple
assignments, but what about something more complicated, perhaps  
with

some sort of factory defined at the moment of instantiation?

Assuming this is even possible, having such a general purpose
conflict resolution class defined in the Zope products directory
might make it easier to distribute a third-party product that  
needs a

little conflict resolution.  Just a thought.


Custom CR code is *hard* to get right:  most people would be  
better off

using stock code (e.g., on of the tree types defined in the BTrees
package, or Length).  Those who can get it right aren't likely to  
need

their hands held.  ;)
I meant easier for the end user, not the developer.  It's kind of  
complicated right now to explain how to set up a ZEO configuration  
to work with your third-party product.  Makes it a bit of hurdle  
to distribute such a thing for general use.
Oops, I just realized that Length won't work for simple  
assignments as the conflict resolution assumes it's trying to  
resolve a counter (which should have been obvious, I know).  Is  
there zope core class I can use for a simple assignment, that  
maybe resolves conflicts by just picking the last value assigned?


There is no such thing as the "last value" during a conflict (only  
three states: what's in the database, and the two conflicting  
states: what connection1 says, and what connection2 says).  If the  
values are always going to have a __cmp__ method or if they can be  
otherwise compared (like integers), and if you're willing to accept  
the "highest" of the three states, you might use the conflict  
resolution policy of Products.Transience.Transience.py.Increaser.



Great, that's exactly what I need.  Thanks.

I also noticed another interesting option for a counter at  
Products.Transience.Transience.Length2.


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: Zeo and conflict resolution (was "suddenly confused")

2008-01-30 Thread Ricardo Newbery 


On Jan 30, 2008, at 12:59 PM, Tres Seaver wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ricardo Newbery wrote:


Has anyone given thought to maybe providing a more general class with
conflict resolution in the core distribution?  The Length class works
for simple counters and I guess it can also be used for just simple
assignments, but what about something more complicated, perhaps with
some sort of factory defined at the moment of instantiation?

Assuming this is even possible, having such a general purpose
conflict resolution class defined in the Zope products directory
might make it easier to distribute a third-party product that needs a
little conflict resolution.  Just a thought.


Custom CR code is *hard* to get right:  most people would be better  
off

using stock code (e.g., on of the tree types defined in the BTrees
package, or Length).  Those who can get it right aren't likely to need
their hands held.  ;)



I meant easier for the end user, not the developer.  It's kind of  
complicated right now to explain how to set up a ZEO configuration to  
work with your third-party product.  Makes it a bit of hurdle to  
distribute such a thing for general use.


Oops, I just realized that Length won't work for simple assignments  
as the conflict resolution assumes it's trying to resolve a counter  
(which should have been obvious, I know).  Is there zope core class I  
can use for a simple assignment, that maybe resolves conflicts by  
just picking the last value assigned?


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: Zeo and conflict resolution (was "suddenly confused")

2008-01-30 Thread Ricardo Newbery 


On Jan 30, 2008, at 11:17 AM, Tres Seaver wrote:


Ricardo Newbery wrote:

Okay, then assuming you've installed ZEO from Zope software,
if your third-party product includes conflict resolution by
instantiating a class defined in the Zope product directory, then is
it also safe to assume that this product resolution is still
available to the ZEO server?  For example, if I have the following in
MyProduct:

from BTrees import Length

class MyClass(...):
 _count = None

 def incrementCount(self):
 if self._count is None:
 self._count = Length.Length()
 self._count.change(1)

 def getCount(self):
 return self._count()

Then do I have to make MyProduct.MyClass available to ZEO or is it
enough that BTrees.Length is available?


That is enough:  the Length class derives from Persistent, which means
that handle their own conflict resolution:  as long as your product  
doss
no conflict resolution of its own, it doesn't need to be imported  
by the

storage server.

Tres.



Great, thanks.

Has anyone given thought to maybe providing a more general class with  
conflict resolution in the core distribution?  The Length class works  
for simple counters and I guess it can also be used for just simple  
assignments, but what about something more complicated, perhaps with  
some sort of factory defined at the moment of instantiation?


Assuming this is even possible, having such a general purpose  
conflict resolution class defined in the Zope products directory  
might make it easier to distribute a third-party product that needs a  
little conflict resolution.  Just a thought.


Ric





___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: suddenly confused

2008-01-30 Thread Ricardo Newbery 


On Jan 30, 2008, at 10:42 AM, Dieter Maurer wrote:


Ricardo Newbery wrote at 2008-1-29 01:19 -0800:

...
Apologies for jumping late in this thread but how precisely should
"App.FindHomes" be imported?


Someone else reported about a ZEO patch that does the same thing
without a need to import "App.FindHomes".

If you have Zope installed and ZEO is running
in the Zope installation (shares its code), then "import  
App.FindHomes"

in sufficient to import "App.FindHomes".



Any plans to incorporate either of these solutions in the next  
release?  I would like to avoid trying to explain how to do this to  
users of a third-party product that needs to be accessible to ZEO.




And a related question.  Any suggestions on how to support multiple
product directories like a non-zeo config?  I checked already and
zeo.conf doesn't appear to support the "products" directive.


"App.FindHomes" can be controlled via the envvar "PRODUCTS_PATH".
If defined, it is a "pathsep" separated sequence of directories
where Zope should look for products.
It may contain "%()s" patterns with "" from
"PRODUCTS_PATH", "SOFTWARE_PRODUCTS" and "INSTANCE_PRODUCTS".
In these cases, the pattern is replaced by the corresponding path.



Ahh... this sounds good.  So, assuming App.FindHomes in imported,  
then all I would need to explain is how to add the necessary "export"  
lines to zeo.conf?  (or maybe zeoctl?)


Thanks,
Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: Zeo and conflict resolution (was "suddenly confused")

2008-01-30 Thread Ricardo Newbery 


On Jan 30, 2008, at 9:32 AM, Tres Seaver wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ricardo Newbery wrote:


Another related question.  With respect to conflict resolution, is is
safe to assume that products (with _p_resolveConflict methods) in the
main Zope products directory are already available to the ZEO server
without any special configuration?


Only if you installed the ZEO server instance from a Zope  
software;  if
you installed it via a "ZODB-only" installation, then the products  
won't
be available (because they aren't shipped with the standalone ZODB  
tarball).



Thanks.  Okay, then assuming you've installed ZEO from Zope software,  
if your third-party product includes conflict resolution by  
instantiating a class defined in the Zope product directory, then is  
it also safe to assume that this product resolution is still  
available to the ZEO server?  For example, if I have the following in  
MyProduct:


from BTrees import Length

class MyClass(...):
_count = None

def incrementCount(self):
if self._count is None:
self._count = Length.Length()
self._count.change(1)

def getCount(self):
return self._count()

Then do I have to make MyProduct.MyClass available to ZEO or is it  
enough that BTrees.Length is available?


Ric



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Zeo and conflict resolution (was "suddenly confused")

2008-01-29 Thread Ricardo Newbery 


On Jan 29, 2008, at 1:19 AM, Ricardo Newbery wrote:


On Jan 19, 2008, at 10:39 AM, Dieter Maurer wrote:

  Zope uses Python import magic to make packages available
  in "INSTANCE_HOME/Products" as additional products in
  the "Products" package.

  If some of these products need application specific conflict
  resolution, the ZEO server needs to activate this
  import magic -- by importing Zope's "App.FindHomes".

--  
Dieter



Dieter,

Apologies for jumping late in this thread but how precisely should  
"App.FindHomes" be imported?


And a related question.  Any suggestions on how to support multiple  
product directories like a non-zeo config?  I checked already and  
zeo.conf doesn't appear to support the "products" directive.


Ric



Another related question.  With respect to conflict resolution, is is  
safe to assume that products (with _p_resolveConflict methods) in the  
main Zope products directory are already available to the ZEO server  
without any special configuration?


Ric



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: suddenly confused

2008-01-29 Thread Ricardo Newbery 


On Jan 19, 2008, at 10:39 AM, Dieter Maurer wrote:


Tres Seaver wrote at 2008-1-18 21:06 -0500:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Bear wrote:

I'm doing my first zeo setup, and suddenly I'm not sure about my
products directory. Do I put all products in a products directory of
the zeo server or in each zope instance?


Normally the ZEO server doesn't need to have access to the products,
which are "application code".  The only exception is for products  
which

define classes having application-level conflict resolution:  in such
cases, the ZEO server must be able to import the product (or else the
conflict resolution code is not consulted).


As an additional note:

  Zope uses Python import magic to make packages available
  in "INSTANCE_HOME/Products" as additional products in
  the "Products" package.

  If some of these products need application specific conflict
  resolution, the ZEO server needs to activate this
  import magic -- by importing Zope's "App.FindHomes".

--
Dieter



Dieter,

Apologies for jumping late in this thread but how precisely should  
"App.FindHomes" be imported?


And a related question.  Any suggestions on how to support multiple  
product directories like a non-zeo config?  I checked already and  
zeo.conf doesn't appear to support the "products" directive.


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Re: ZPL and GPL: What should one consider when choosing a license?

2007-12-21 Thread Ricardo Newbery 



On Dec 21, 2007, at 9:48 PM, Alex Turner wrote:


au contraire - it is the ZPL which is anti-sharing in my  
estimation.  You do not have to contribute changes back to a  
project which you extend in a BSD style license, so you can take a  
BSD style licensed product, extend it, and sell it without giving a  
single thing back to the original author of the original system  
except a credit note in the copyright statement.


BSD and ZPL is share and do what you like
GPL is share and share alike

Thats the core philosophy difference.  If you like others to share  
too, then use GPL or LGPL (possibly AGPL actually, GPL doesn't  
gaurentee much of anything for application service providers as  
I've found out, which is probably most people using Plone etc.), if  
you want to give your code away then use BSD/ZPL, if you want  
changes back, then use AGPL.  And if you think it wont happen, it  
already did.  Microsoft took the BSD Kerberos code and re-purposed  
it into Windows, changed the protocol slightly and pissed off many  
people.




I would be careful about using labels like "anti-sharing" to describe  
individual licenses.  As you acknowledged, both licenses are used to  
"share" software.  ZPL-shared software comes with few strings  
attached.  GPL-shared software comes the "share alike" string  
attached.  It's a bit of a semantic question which is more true to  
the spirit of *sharing* so I'm going skip that debate.


Chris McDonough didn't appear to label the GPL as "anti-sharing".  On  
the contrary, it's the existence of *both* licenses in the same  
community that he appears to describe as anti-sharing.  And since in  
the Zope community, the ZPL came first and is the core license, it's  
a legitimate complaint that it's the later adoption of a different  
license by a subcommunity that is the primary culprit.


Ric
(a licensing agnostic)



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Re: ZPL and GPL: What should one consider when choosing a license?

2007-12-21 Thread Ricardo Newbery 


On Dec 21, 2007, at 12:53 PM, Ross Patterson wrote:
>
> [snip some stuff about GPL versus ZPL]
>


Guys... please don't crosspost.  It's hard to follow a thread like  
this when it gets fragmented across different lists.  If you feel the  
need to solicit advice from multiple communities then IMHO it's much  
more useful (and less likely to devolve into a flame war) to start a  
separate thread for each.


For my part, I'm going to just pick one list and respond there -- I'm  
guessing that zope@zope.org is most germane.


Thanks,
Ric









___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] AssertionError after update to Zope 2.8.1

2005-08-21 Thread Ricardo Newbery 


Oh so close...

Migrated from Zope 2.7.2 to 2.8.1
Updated all the Catalog instances according to the instructions.
Fixed a few outdated products.

Then just for kicks, I tried to update the Python scripts by visiting 
the /manage_addProduct/PythonScripts/recompile url.  After about a 
minute, it threw up an error page.  This is what shows up in the 
log...



2005-08-21T01:56:45 ERROR txn.170046464 Error in abort() on manager 


Traceback (most recent call last):
  File "/Zope-2.8/lib/python/transaction/_transaction.py", line 456, 
in _cleanup

  File "/Zope-2.8/lib/python/ZODB/Connection.py", line 348, in abort
  File "/Zope-2.8/lib/python/ZODB/Connection.py", line 360, in _abort
AssertionError
--
2005-08-21T01:56:45 ERROR Zope.SiteErrorLog 
http://someurl.com/manage_addProduct/PythonScripts/recompile

Traceback (most recent call last):
  File "/Zope-2.8/lib/python/ZPublisher/Publish.py", line 119, in publish
  File "/Zope-2.8/lib/python/Zope2/App/startup.py", line 215, in commit
  File "/Zope-2.8/lib/python/transaction/_manager.py", line 84, in commit
  File "/Zope-2.8/lib/python/transaction/_transaction.py", line 381, in commit
  File "/Zope-2.8/lib/python/transaction/_transaction.py", line 379, in commit
  File "/Zope-2.8/lib/python/transaction/_transaction.py", line 424, 
in _commitResources

  File "/Zope-2.8/lib/python/ZODB/Connection.py", line 462, in commit
  File "/Zope-2.8/lib/python/ZODB/Connection.py", line 483, in _commit
AssertionError


Nothing appears to be broken yet but I'm wondering whether I should 
roll back to my backup.  Anyone have any ideas about this error?  I'm 
tempted to just pretend that I didn't see it.

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )