Re: [Zope-dev] Re: [patch] More secure cookie crumbler?
On Sat, 17 Apr 2004, Stuart Bishop wrote: > > BTW, I wouldn't mind if you or Stuart took over maintainership of > > CookieCrumbler after the next release. Then you'd be able to take it > > any direction you want. I don't believe its model can support well > > the things you're asking it to do, but I'll happily give you the > > chance to prove me wrong. :-) > > I wouldn't be taking it in any direction - I like the product the way > it is (Now I have checked in my code :-) ). Give me a poke if you don't > feel like applying bug fixes though. Hmm. I really wasn't expecting any new code yet. Session cookies are a very significant maintenance burden in Zope, and it's not in my interest to support them. If you don't mind, I think I'll release a version of CC without any session support, then I'll give Chris Withers the maintainer hat. He'll start with your latest version. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [patch] More secure cookie crumbler?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/04/2004, at 1:40 PM, Shane Hathaway wrote: On 04/12/04 09:04, Chris Withers wrote: For me, that's worth patching for, it's up to you if you want to include it in an offical CookieCrumbler release or not ;-) BTW, I wouldn't mind if you or Stuart took over maintainership of CookieCrumbler after the next release. Then you'd be able to take it any direction you want. I don't believe its model can support well the things you're asking it to do, but I'll happily give you the chance to prove me wrong. :-) I wouldn't be taking it in any direction - I like the product the way it is (Now I have checked in my code :-) ). Give me a poke if you don't feel like applying bug fixes though. - -- Stuart Bishop <[EMAIL PROTECTED]> http://www.stuartbishop.net/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAgLQXAfqZj7rGN0oRAtRqAJ92YgRN62v9S/NLKrihGZguNnQF9gCgmyg4 EGTx2vtEJ7EKLlFjMEBWe8s= =uEZG -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [patch] More secure cookie crumbler?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/04/2004, at 4:28 PM, Kapil Thangavelu wrote: fwiw, Simon Eisenmann checked in a SessionStorage product into the collective which does much the same. released under the zpl http://cvs.sourceforge.net/viewcvs.py/collective/SessionCrumbler/ Looks pretty similar. It looks like it was written against the CMF's Cookie Crumbler rather than the standalone - I don't know if these two implementations have diverged much or not. - -- Stuart Bishop <[EMAIL PROTECTED]> http://www.stuartbishop.net/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAgLKtAfqZj7rGN0oRApVJAJ93KDOQZ2qV9v8gDv5adu5ITDu8rgCfa/0R ZRfH3ojpD4qQjx/XQ3B3wrM= =AtNX -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [patch] More secure cookie crumbler?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/04/2004, at 3:34 PM, Tres Seaver wrote: I haven't looked at the code. Do you have actual experience using core sessions over ZEO? I pondered that recently for a client, and fell back to using a hacked together version of Anthony Baxter's SQLSession product, instead. No experience unfortunately, although I do use sessions stored in the ZODB rather than temporary storage. I would consider it a bug if it didn't work :-) Performance may be an issue depending on how you use your SESSIONs of course which I suspect would be the major issue with doing this. SessionStorage would work either as a separate product, or as a knob for the CookieCrumbler, I think. If ZPL is an adequate license, why don't you check it in there? I've checked a version into Products/CookieCrumber and added a note to the CHANGES.txt - -- Stuart Bishop <[EMAIL PROTECTED]> http://www.stuartbishop.net/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAgK/jAfqZj7rGN0oRAuvLAJ0dc8+B6NuTnIbUQWOV2OqCQYCfJQCeNHJm t6lrGtXwIkmhRr+O9VPrHuQ= =f7dh -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
Shane Hathaway wrote: Michael Bernstein wrote: Did I miss something? Did I just manage to embarrass myself? Is this a dream where I find I am wearing nothing but underwear in public and then wake up? Well, OPE made me think of: - Opie on The Andy Griffith Show - http://www.imdb.com/title/tt0053479/ - Spelling it "zOPE" to take advantage of a frequent mishap involving the cAPS lOCK key - Shouting the name of the product repeatedly in code as a method of advertising How about 'ope', then? Actually, I don't really care what it's changed to. Jim is right in that it needs to be changed, and I thought 'z' to be not-so-great a choice for the reasons I already gave (in addition to some of the cons that Jim lists in his proposal). An optimal choice probably doesn't exist, though. I thought it was funny. :-) Do I *amuse* you? ;-) -- - Michael R. Bernstein michaelbernstein.com Author of Zope Bible ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
On Friday 16 April 2004 03:24 pm, Shane Hathaway wrote: > - Spelling it "zOPE" to take advantage of a frequent mishap involving > the cAPS lOCK key That must be what happened for zLOG, and I declared that dead. I don't think anyone's ready for that for Zope 3 just yet. ;-) -Fred -- Fred L. Drake, Jr. PythonLabs at Zope Corporation ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
On Friday 16 April 2004 03:06 pm, Michael Bernstein wrote: > Shouldn't we strive for consistency in nomenclature going forward? Definately. My point was that we don't have anything to base it on, not that we shouldn't be. Zope 3 kindly specifies some guidelines for naming, including module and package names. I'm not convinced "z" follows those guidelines (actually, I'm also not convinced it doesn't, given that the official expansion for ZOPE is the "Z Object Publishing Environment"). > About even considering a 'wholesale moving and renaming' yes, obviously, > but as far as suggesting 'OPE' as an alternative to 'z' (insofar as it > is still necessary to avoid a name-clash with 'Zope'), no. 'OPE' (as an > acronym for Object Publishing Environment) seems like it fits better > conceptually than 'z'. >From where I stand, calling it "OPE" (or "ope", or "Ope") are all the same mistake as "Interface", "transaction", "persistent", "Persistence", etc: taking a very general term and using that for a specific implementation. We're not dealing with some abstract or archtypical object publishing environment, we're dealing with a specific one. Whether or not "z" is a good name for it is another question altogether. ;-) > Did I miss something? Did I just manage to embarrass myself? Is this a > dream where I find I am wearing nothing but underwear in public and then > wake up? That's better than dreaming you're wearing a suit in a dream, and waking up wearing nothing but your underwear in public. ;-) -Fred -- Fred L. Drake, Jr. PythonLabs at Zope Corporation ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
Michael Bernstein wrote: Fred Drake wrote: Hehe. ;-) (I do hope you're joking!) About even considering a 'wholesale moving and renaming' yes, obviously, but as far as suggesting 'OPE' as an alternative to 'z' (insofar as it is still necessary to avoid a name-clash with 'Zope'), no. 'OPE' (as an acronym for Object Publishing Environment) seems like it fits better conceptually than 'z'. Did I miss something? Did I just manage to embarrass myself? Is this a dream where I find I am wearing nothing but underwear in public and then wake up? Well, OPE made me think of: - Opie on The Andy Griffith Show - http://www.imdb.com/title/tt0053479/ - Spelling it "zOPE" to take advantage of a frequent mishap involving the cAPS lOCK key - Shouting the name of the product repeatedly in code as a method of advertising - Friday afternoon I thought it was funny. :-) Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
Fred Drake wrote: On Friday 16 April 2004 01:31 pm, Michael Bernstein wrote: > From a consistency in nomenclature POV, I find 'z' jars a bit with > ZConfig, zdaemon, ZEO, zLog, and ZODB, which one might expect to find > nested within 'z' (as 'z.Config' for example). This is admittedly only > an issue for the newest newbies still trying to guess at where stuff is > located. I don't know what zLog is; presumably you mean zLOG? Yep. zLOG is dead in Zope 2.8, and will remain only for API compatibility. I don't think there's any real consistency now for what's in the Zope 2 head, so I don't think that's a big deal. Shouldn't we strive for consistency in nomenclature going forward? > However, rather than suggest a wholesale moving and renaming of these > packages within 'z', I'd like to suggest an alternative short name for > the 'zope' package, 'OPE', which avoids this issue: > > import OPE.interface > from OPE.app import zapi > from OPE.app.event import publish > from OPE.app.event.objectevent import ObjectModifiedEvent Hehe. ;-) (I do hope you're joking!) About even considering a 'wholesale moving and renaming' yes, obviously, but as far as suggesting 'OPE' as an alternative to 'z' (insofar as it is still necessary to avoid a name-clash with 'Zope'), no. 'OPE' (as an acronym for Object Publishing Environment) seems like it fits better conceptually than 'z'. Did I miss something? Did I just manage to embarrass myself? Is this a dream where I find I am wearing nothing but underwear in public and then wake up? -- - Michael R. Bernstein michaelbernstein.com Author of Zope Bible ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
Michael Bernstein wrote: However, rather than suggest a wholesale moving and renaming of these packages within 'z', I'd like to suggest an alternative short name for the 'zope' package, 'OPE', which avoids this issue: import OPE.interface from OPE.app import zapi from OPE.app.event import publish from OPE.app.event.objectevent import ObjectModifiedEvent In that case, let's consider renaming it "zopepoz": Z Object Publishing Environment with Persistent Object Zystem. Palindromic and all. Or maybe just Bobo. Gotta be backward compatible. :-) Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
On Friday 16 April 2004 01:31 pm, Michael Bernstein wrote: > From a consistency in nomenclature POV, I find 'z' jars a bit with > ZConfig, zdaemon, ZEO, zLog, and ZODB, which one might expect to find > nested within 'z' (as 'z.Config' for example). This is admittedly only > an issue for the newest newbies still trying to guess at where stuff is > located. I don't know what zLog is; presumably you mean zLOG? zLOG is dead in Zope 2.8, and will remain only for API compatibility. I don't think there's any real consistency now for what's in the Zope 2 head, so I don't think that's a big deal. > However, rather than suggest a wholesale moving and renaming of these > packages within 'z', I'd like to suggest an alternative short name for > the 'zope' package, 'OPE', which avoids this issue: > > import OPE.interface > from OPE.app import zapi > from OPE.app.event import publish > from OPE.app.event.objectevent import ObjectModifiedEvent Hehe. ;-) (I do hope you're joking!) -Fred -- Fred L. Drake, Jr. PythonLabs at Zope Corporation ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposal: Rename zope package
Jim Fulton wrote: Based on recent discussions, I've created a proposal: http://dev.zope.org/Zope3/RenameTheZopePackage to rename the "zope" package to "z". Unless there are strong objections, we'll do this after we move the Zope repository head to subversion at the end of the month. From a consistency in nomenclature POV, I find 'z' jars a bit with ZConfig, zdaemon, ZEO, zLog, and ZODB, which one might expect to find nested within 'z' (as 'z.Config' for example). This is admittedly only an issue for the newest newbies still trying to guess at where stuff is located. However, rather than suggest a wholesale moving and renaming of these packages within 'z', I'd like to suggest an alternative short name for the 'zope' package, 'OPE', which avoids this issue: import OPE.interface from OPE.app import zapi from OPE.app.event import publish from OPE.app.event.objectevent import ObjectModifiedEvent Cheers, -- - Michael R. Bernstein ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Proposal: Rename zope package
Based on recent discussions, I've created a proposal: http://dev.zope.org/Zope3/RenameTheZopePackage to rename the "zope" package to "z". Unless there are strong objections, we'll do this after we move the Zope repository head to subversion at the end of the month. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope3-dev], [Zope-dev] Import checking code
On Friday 16 April 2004 06:15 am, Martijn Faassen wrote: > I'll try to find some time to take a look at it. Dependency checking is > sort of a natural thing to use importchecker stuff for, but > importchecker itself may need some refactoring. :) Actually, the confusion I was referring to was in finddeps.py, not importfinder.py. It was very difficult to follow the code. > Right, I'd missed the transition to the tokenize based code, which > probably is reasonably reliable. I did have objections to the regular > expressions. :) I'm confident that the tokenize-based code finds everything; what it replaced did not. -Fred -- Fred L. Drake, Jr. PythonLabs at Zope Corporation ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Zope + Ape + Subversion (was: RE: Using a truely revis ion based storage for Zope ?)
On Thu, 15 Apr 2004 20:40:09 -0400 (EDT) Shane Hathaway <[EMAIL PROTECTED]> wrote: > On Wed, 14 Apr 2004, Kapil Thangavelu wrote: > > > although i wonder if there is some hand waving in progress here that > > i can't see. i guess my semantic notion of versions has been that of > > long lived transactions, and is there a better means of thinking of > > them? how do they play across with multiple mounted zodbs? what > > would something like merge mean in the context of a catalog? > > By my understanding, outside the storage, different versions are > completely independent. You could even simulate multiple databases > using versions. It is the storage that knows how to create new > versions, merge versions, and prevent objects being used in a version > from being changed. > > Mounted databases try to use the same version as the root connection. > > To merge a catalog, you could bring one of the stored catalogs to life > within the storage and replay the sequence of transactions that > occurred in the other catalog. This could be tricky, and opening a > catalog within a ZEO server would make the ZEO server less stable. Ok, running the catalog on the storage server. Now that's crazy talk ;^) running-awayly y'rs, -Casey ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: class methods in Persistent objects
Syver Enstad wrote: Is it possible to have class methods on ZODB Persistent objects? I am using 3.2 so that means I am using ExtensionClass. I guess that moving to 3.3 would mean being able to use class methods? What is the expected time that the 3.3 release will be ready for production use? I dunno what you are meaning with class methods - maybe static methods or nwe style classes - but in general: You cannot use any new style class related stuff in persistent classes until zope 2.8 with new style extension class. So don't use any vars that contain python 2.2/2.3 stuff except of True and False. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope3-dev], [Zope-dev] Import checking code
Fred Drake wrote: On Thursday 15 April 2004 13:22, Martijn Faassen wrote: > If somebody lets me know which API they want implemented for retrieving > imports (and use of imports) I could do this lifting work myself. I'm not sure simply re-implementing one of the finddeps.py internal interfaces is the right thing to do; that's some incredibly cludgey code in Zope 3. There's a lot of confusion about what values are paths and which are module names, and that makes me very uncomfortable. If you'd like to replace the code that locates imports, feel free to do so. It may be that conciseness wins; the tokenize-based approach certainly ended up being more code than I'd expected initially. I'll try to find some time to take a look at it. Dependency checking is sort of a natural thing to use importchecker stuff for, but importchecker itself may need some refactoring. :) On Thursday 15 April 2004 01:21 pm, Stephan Richter wrote: > Fred has fixed that a while ago already (if I read the checkins > correctly). :-) No, Martijn's talking about something else... kinda. I imagine he had even stronger feelings about your initial implementation. ;-) Right, I'd missed the transition to the tokenize based code, which probably is reasonably reliable. I did have objections to the regular expressions. :) Regards, Martijn ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] class methods in Persistent objects
Is it possible to have class methods on ZODB Persistent objects? I am using 3.2 so that means I am using ExtensionClass. I guess that moving to 3.3 would mean being able to use class methods? What is the expected time that the 3.3 release will be ready for production use? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
