date:20061217

[Zope-CMF] CMF Collector: Open Issues

2006-12-17 Thread tseaver

The following supporters have open issues assigned to them in this collector
(http://www.zope.org/Collectors/CMF).

Assigned and Open


  mhammond

- Windows DevelopmentMode penalty in CMFCore.DirectoryView,
  [Accepted] http://www.zope.org/Collectors/CMF/366


Pending / Deferred Issues

- FSPropertiesObject.py cannot handle multiline input for lines, text 
attributes,
  [Deferred] http://www.zope.org/Collectors/CMF/271

- Can't invalidate skin items in a RAMCacheManager,
  [Pending] http://www.zope.org/Collectors/CMF/343

- workflow notify success should be after reindex,
  [Deferred] http://www.zope.org/Collectors/CMF/389

- Possible bug when using a BTreeFolder Member folder,
  [Pending] http://www.zope.org/Collectors/CMF/441

- Proxy Roles not Working/Applied to Worflow Transition Scripts,
  [Pending] http://www.zope.org/Collectors/CMF/449

- safe_html filters some tags which should probably not be filtered,
  [Pending] http://www.zope.org/Collectors/CMF/452

- purge_old in runAllImportSteps not working,
  [Pending] http://www.zope.org/Collectors/CMF/455

- PUT handling for Events is broken,
  [Pending] http://www.zope.org/Collectors/CMF/458


Pending / Deferred Features

- Favorite.py: queries and anchors in remote_url,
  [Pending] http://www.zope.org/Collectors/CMF/26

- DefaultDublinCore should have Creator property,
  [Pending] http://www.zope.org/Collectors/CMF/61

- Document.py: universal newlines,
  [Pending] http://www.zope.org/Collectors/CMF/174

- portal_type is undefined in initialization code,
  [Pending] http://www.zope.org/Collectors/CMF/248

- CMFTopic Does Not Cache,
  [Deferred] http://www.zope.org/Collectors/CMF/295

- Wishlist: a flag that tags the selected action.,
  [Pending] http://www.zope.org/Collectors/CMF/301

- CMFDefault should make use of allowCreate(),
  [Pending] http://www.zope.org/Collectors/CMF/340

- Nested Skins,
  [Deferred] http://www.zope.org/Collectors/CMF/377

- CatalogVariableProvider code + tests,
  [Pending] http://www.zope.org/Collectors/CMF/378

- manage_doCustomize() : minor additions,
  [Pending] http://www.zope.org/Collectors/CMF/382

- CMF needs View-based TypeInformation,
  [Pending] http://www.zope.org/Collectors/CMF/437

- Marker attributes should be deprecated,
  [Pending] http://www.zope.org/Collectors/CMF/440



___
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

[Zope-CMF] CMF Tests: 8 OK, 1 Failed

2006-12-17 Thread CMF Tests Summarizer

Summary of messages to the cmf-tests list.
Period Sat Dec 16 12:00:00 2006 UTC to Sun Dec 17 12:00:00 2006 UTC.
There were 9 messages: 9 from CMF Unit Tests.


Test failures
-

Subject: FAILED (failures=3) : CMF-trunk Zope-trunk Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:55:21 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003550.html


Tests passed OK
---

Subject: OK : CMF-1.5 Zope-2.7 Python-2.3.6 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:43:21 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003542.html

Subject: OK : CMF-1.5 Zope-2.8 Python-2.3.6 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:44:51 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003543.html

Subject: OK : CMF-1.5 Zope-2.9 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:46:21 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003544.html

Subject: OK : CMF-1.6 Zope-2.8 Python-2.3.6 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:47:51 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003545.html

Subject: OK : CMF-1.6 Zope-2.9 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:49:21 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003546.html

Subject: OK : CMF-2.0 Zope-2.9 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:50:51 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003547.html

Subject: OK : CMF-2.0 Zope-2.10 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:52:21 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003548.html

Subject: OK : CMF-trunk Zope-2.10 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Sat Dec 16 21:53:51 EST 2006
URL: http://mail.zope.org/pipermail/cmf-tests/2006-December/003549.html

___
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

Re: [Zope-CMF] [Warning] Danger from Zope caching, especially the CMF Caching Policy Manager

2006-12-17 Thread Jens Vagelpohl


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 17 Dec 2006, at 18:52, Dieter Maurer wrote:

The description indicates in what direction the CPM should get fixed:

  * If the response already provides cache control, the CPM should
not override it, as it is likely that the specific information
available to the response generating process is more trustworthy
then the general CPM policies.

This is arguable, especially as it changes the current behaviour.
Maybe, it should be controlled by an additional configuration  
option.


I don't know if it is possible to have any sane policy about what to  
do if the response already has caching headers. First of all, when  
should this exception policy trigger? Which headers should tell the  
CPM that someone else already decided on caching? Secondly, what is  
the behavior supposed to be? Do nothing? DWIM? This obviously  
needs exact specifications and use cases.




  * The CPM (and Zope's HTTP Cache Manager) must set cache headers
only based on the object that generated the (complete) response
entity and not based on other objects called during the request
(and probably only responsible for part of the entity).


As mentioned in my reply to your collector issue, there are fixes on  
the CMF trunk already and you should look at those to see if they fix  
your problem.


jens


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFhZMRRAx5nvEhZLIRAgp4AJ4xW89Oc5TyTnPbC6rrLC3vSrlS5QCfROEF
JovmnmAqrjWjd+cgZC/QqsQ=
=1yup
-END PGP SIGNATURE-
___
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

[Zope-CMF] [Warning] Danger from Zope caching, especially the CMF Caching Policy Manager

2006-12-17 Thread Dieter Maurer

Crosspost: 'Reply-To' set to 'zope-cmf'.

We nearly escaped a catastrophy: a page with sensitive personal
information ended in a shared cache and was delivered to arbitrary
people. This happened despite the fact that the template generating
the page contained a response.setHeader('Cache-Control', 'no-cache')
(and related headers for non HTTP/1.1 clients).

The analysis quickly revealed broken design in the
CMF Caching Policy Manager (CPM)
as the cause:

  *  it has applied its general policy depite the fact that
 the template itself has provided more adequate decisions with
 respect to caching

  *  the caching policy manager action affects the complete response.
 Therefore, only the top level object, the object that controls
 the response content, should influence the CPM decisions.

 In the concrete case, the primary template did not trigger
 the CPM but the call of a secondary template responsible only for a tiny
 part of the response.

The same problem also affects Zope's HTMLCacheManager.


The description indicates in what direction the CPM should get fixed:

  * If the response already provides cache control, the CPM should
not override it, as it is likely that the specific information
available to the response generating process is more trustworthy
then the general CPM policies.

This is arguable, especially as it changes the current behaviour.
Maybe, it should be controlled by an additional configuration option.

  * The CPM (and Zope's HTTP Cache Manager) must set cache headers
only based on the object that generated the (complete) response
entity and not based on other objects called during the request
(and probably only responsible for part of the entity).


-- 
Dieter
___
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

Re: [Zope-CMF] [Warning] Danger from Zope caching, especially the CMF Caching Policy Manager

2006-12-17 Thread Wichert Akkerman

Previously Dieter Maurer wrote:
 The description indicates in what direction the CPM should get fixed:
 
   * If the response already provides cache control, the CPM should
 not override it, as it is likely that the specific information
 available to the response generating process is more trustworthy
 then the general CPM policies.

If we want to make CPM smarted wouldn't it make more sense to have it
select the most restrictive set of caching settings? If I have static
content that can be cached forever but include a portlet with private
information which changes every minute I do not want to get the caching
settings for the static content.

Wichert.

-- 
Wichert Akkerman [EMAIL PROTECTED]It is simple to make things.
http://www.wiggy.net/   It is hard to make things simple.
___
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

[Zope-CMF] CMF Collector: Open Issues

[Zope-CMF] CMF Tests: 8 OK, 1 Failed

Re: [Zope-CMF] [Warning] Danger from Zope caching, especially the CMF Caching Policy Manager

[Zope-CMF] [Warning] Danger from Zope caching, especially the CMF Caching Policy Manager

Re: [Zope-CMF] [Warning] Danger from Zope caching, especially the CMF Caching Policy Manager

5 matches

Site Navigation

Mail list logo

Footer information