[Zope-dev] Re: brain.getObject and traversal
Tres Seaver wrote: Since this is a bug, and it looks like it's going to be fixed with a config option, would anyone mind if I ported this code to the 2.7 branch with the option set to do whatever 2.7.5 does? - -0. This change is not a bugfix If removing bare try: excepts: is a bugfix, then this is too, can't remember when and how the big try-fix-geddon was done though... -- this is a new feature, which changes the documented behavior of the catalog brains. Which documentation are you referring to? I want to make sure it gets updated too... It is really up to Andreas whether or not to accept such a change on the 2.7 line. Andreas, whatcha think? cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: brain.getObject and traversal
--On Mittwoch, 6. April 2005 10:16 Uhr +0100 Chris Withers <[EMAIL PROTECTED]> wrote: It is really up to Andreas whether or not to accept such a change on the 2.7 line. Andreas, whatcha think? Sorry, I have to catch up with this thread. I thought the problem was solved by Tres new configuration option. -aj pgpQeSFBv0tNI.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Can't import objects in Zope 2.8a2
Hi all, I'm just trying recent Zope 2.8 a2 and I'm not able to import any .zexp file. At the begin I thought that it could be caused by the zexp I was trying to import, but default Examples.zexp also cause the same error. I've tried with and without ZEO, and with and without debug mode, always the same result.I'm doing something wrong or this could be a bug ? Thanks in advance The obtained traceback is this one: Time 2005/04/06 14:05:06.943 GMT+2 User Name (User Id) admin (admin) Request URL http://localhost.localdomain:8083/manage_importObject Exception Type BdbQuit Exception Value Traceback (innermost last): Module ZPublisher.Publish, line 113, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module OFS.ObjectManager, line 554, in manage_importObject Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module App.special_dtml, line 175, in _exec Module DocumentTemplate.DT_Let, line 76, in render Module DocumentTemplate.DT_In, line 703, in renderwob Module App.PersistentExtra, line 44, in locked_in_version Module ZODB.Connection, line 831, in modifiedInVersion Module pdb, line 992, in set_trace Module bdb, line 52, in trace_dispatch Module bdb, line 80, in dispatch_return ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Can't import objects in Zope 2.8a2
On Apr 6, 2005, at 14:11, Santi Camps wrote: Hi all, I'm just trying recent Zope 2.8 a2 and I'm not able to import any .zexp file. At the begin I thought that it could be caused by the zexp I was trying to import, but default Examples.zexp also cause the same error. I've tried with and without ZEO, and with and without debug mode, always the same result.I'm doing something wrong or this could be a bug ? LOL looks like someone left a pdb.set_trace() in the ZODB.Connection.modifiedInVersion method... jens ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways: - It protects names not values. This means that you protect how you access things, not the things themselves. - It doesn't provide key-bases access control for mapping objects. If you can get any key, you can get all keys. This is less powerful that Zope 2's security system, but this is power we haven't needed for Zope 3 and I suggest we don't really need it for Zope 2. - Non-basic values passed from trusted code to untrusted code are security proxied and thus protected. This means that the security framework has a much greater reach than in Zope 2, Even trusted code is subject to the security system in many cases. This can be a good thing or a bad thing, depending on your point of view. :) - The Zope 3 security system is much more pluggable. This means that it is much easier to provide alternate security policies to meet special needs to or exclude unneeded features. For more information on the security system, see: http://svn.zope.org/Zope3/trunk/src/zope/security/untrustedinterpreter.txt?view=markup http://svn.zope.org/Zope3/trunk/src/zope/security/README.txt?view=markup http://svn.zope.org/Zope3/trunk/src/zope/app/securitypolicy/zopepolicy.txt?view=markup http://www.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/ProgrammerTutorial/programmers_tutorial.pdf I see 2 main challenges: - supporting implicit acquisition - Backward incompatibilities: o No support for key-based access control o Trusted code will be subject to security restrictions in cases in which it isn't now. I think there will be a number of significant benefits, including: - Greater security - Less complexity - Less risk with new Python versions - Narrower gap between Zope 2 and Zope 3. This will be a fairly large job. I won't have time to work on it before this Fall. I could certianly use some help. :) Are there any objections? Suggestions? Questions? Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Can't import objects in Zope 2.8a2
--On Mittwoch, 6. April 2005 14:22 Uhr +0200 Jens Vagelpohl <[EMAIL PROTECTED]> wrote: On Apr 6, 2005, at 14:11, Santi Camps wrote: Hi all, I'm just trying recent Zope 2.8 a2 and I'm not able to import any .zexp file. At the begin I thought that it could be caused by the zexp I was trying to import, but default Examples.zexp also cause the same error. I've tried with and without ZEO, and with and without debug mode, always the same result.I'm doing something wrong or this could be a bug ? LOL looks like someone left a pdb.set_trace() in the ZODB.Connection.modifiedInVersion method... There was something with a pdb.set_trace() in ZODB code (on some Zope list lately). -aj pgpG7VpzZXNZw.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Can't import objects in Zope 2.8a2
[Santi Camps] >> I'm just trying recent Zope 2.8 a2 and I'm not able to import any >> .zexp file. At the begin I thought that it could be caused by the >> zexp I was trying to import, but default Examples.zexp also cause the >> same error. I've tried with and without ZEO, and with and without >> debug mode, always the same result.I'm doing something wrong or >> this could be a bug ? [Jens Vagelpohl] > LOL looks like someone left a pdb.set_trace() in the > ZODB.Connection.modifiedInVersion method... Yup, that got checked in by mistake during the recent ZODB sprint at PyCon. It's repaired on Zope trunk / ZODB 3.4a2, so try the trunk instead. Another thing it proves is that Zope's test suite is somewhat lacking . ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Can't import objects in Zope 2.8a2
On Apr 6, 2005, at 15:00, Tim Peters wrote: LOL looks like someone left a pdb.set_trace() in the ZODB.Connection.modifiedInVersion method... Yup, that got checked in by mistake during the recent ZODB sprint at PyCon. It's repaired on Zope trunk / ZODB 3.4a2, so try the trunk instead. Another thing it proves is that Zope's test suite is somewhat lacking . So I was clicking through svn.zope.org trying to find the ZODB code in question but couldn't, simply because I did not know what tag/branch the version stitched into Zope 2.8a2 is. How can you tell from looking at the Zope code on http://svn.zope.org which ZODB branch/tag is stitched in during checkout? jens ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: brain.getObject and traversal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Jung wrote: > > > --On Mittwoch, 6. April 2005 10:16 Uhr +0100 Chris Withers > <[EMAIL PROTECTED]> wrote: > >> >>> It is really up to >>> Andreas whether or not to accept such a change on the 2.7 line. >> >> >> Andreas, whatcha think? > > > Sorry, I have to catch up with this thread. I thought the problem was > solved by > Tres new configuration option. Chris wants to backport it to 2.7 x; I'm opposed. Your call. Tres. - -- === Tres Seaver[EMAIL PROTECTED] Zope Corporation "Zope Dealers" http://www.zope.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCU+T4GqWXf00rNCgRAmunAJ9KhHjABM6gcjsdFpfjz3OfQISUVACdFLQy J9CiMRtEQu0CV4CRJxVEX+c= =vinQ -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: brain.getObject and traversal
--On Mittwoch, 6. April 2005 9:32 Uhr -0400 Tres Seaver <[EMAIL PROTECTED]> wrote: Chris wants to backport it to 2.7 x; I'm opposed. Your call. If it does not change the default behaviour we have in 2.7.5... why not... Andreas pgp7uZ3q8EeTC.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Can't import objects in Zope 2.8a2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jens Vagelpohl wrote: > > On Apr 6, 2005, at 15:00, Tim Peters wrote: > >>> LOL looks like someone left a pdb.set_trace() in the >>> ZODB.Connection.modifiedInVersion method... >> >> >> Yup, that got checked in by mistake during the recent ZODB sprint at >> PyCon. >> >> It's repaired on Zope trunk / ZODB 3.4a2, so try the trunk instead. >> >> Another thing it proves is that Zope's test suite is somewhat lacking >> . > > > So I was clicking through svn.zope.org trying to find the ZODB code in > question but couldn't, simply because I did not know what tag/branch the > version stitched into Zope 2.8a2 is. How can you tell from looking at > the Zope code on http://svn.zope.org which ZODB branch/tag is stitched > in during checkout? viewcvs doesn't seem to give access to the DAV properties of the folders. The name of the property is 'svn:externals', which contains a list of name->URL mappings. Tres. - -- === Tres Seaver[EMAIL PROTECTED] Zope Corporation "Zope Dealers" http://www.zope.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCU+oNGqWXf00rNCgRAuaYAJ4/4TAtb1DZy8Nh10gs8pwCD3AvCgCfbNbV 19uJRye/Hr0s3ToATHhuXt8= =asYz -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] opinion: speeding up large PUT uploads
Chris McDonough <[EMAIL PROTECTED]> wrote: > On Wed, 2005-04-06 at 00:45, Pavel Zaitsev wrote: > > If you look above I had problems with zope creating temp files, as I am > > using Mac OS X and Webdav to Zope > > mounted on the same machine. There is some race condition on locks in > > mach kernel, and sometimes zope > > dies, as open system call never returns. > > That sounds bad. I'm surprised you've had so much trouble with this. I > thought OS X was just BSD, and BSD works fine? The webdav kernel drivers are known to have quite a number of problems in Mac OS X 10.3 (don't know about upcoming Tiger). Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Can't import objects in Zope 2.8a2
[Jens Vagelpohl] > So I was clicking through svn.zope.org trying to find the ZODB code in > question but couldn't, simply because I did not know what tag/branch > the version stitched into Zope 2.8a2 is. How can you tell from looking > at the Zope code on http://svn.zope.org which ZODB branch/tag is > stitched in during checkout? Never tried before, and don't think you can. From the root of a Zope checkout, you can do: svn proplist -v utilities lib/python ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Can't import objects in Zope 2.8a2
On Apr 6, 2005, at 17:50, Tim Peters wrote: [Jens Vagelpohl] So I was clicking through svn.zope.org trying to find the ZODB code in question but couldn't, simply because I did not know what tag/branch the version stitched into Zope 2.8a2 is. How can you tell from looking at the Zope code on http://svn.zope.org which ZODB branch/tag is stitched in during checkout? Never tried before, and don't think you can. From the root of a Zope checkout, you can do: svn proplist -v utilities lib/python Well, I was trying to *avoid* making a checkout to see that detail, that's all... jens ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Wed, Apr 06, 2005 at 08:33:39AM -0400, Jim Fulton wrote: > > I very much want Zope 2.9 to use Zope 3's security architecture. > Zope 3's security architecture is far more robust, but it is different > in some significant ways: (snip) Will this all be "under the hood"? i.e. will Products have to be rewritten for 2.9? i.e. will I still write: security.declareProtected(SomePermission, 'foo') def foo(self): ... > I see 2 main challenges: > > - supporting implicit acquisition > > - Backward incompatibilities: > > o No support for key-based access control Don't know what that is. -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Can't import objects in Zope 2.8a2
On Wed, Apr 06, 2005 at 05:55:18PM +0200, Jens Vagelpohl wrote: | >svn proplist -v utilities lib/python | | Well, I was trying to *avoid* making a checkout to see that detail, | that's all... svn proplist -v svn://svn.zope.org/repos/main/Zope/trunk/utilities Properties on 'svn://svn.zope.org/repos/main/Zope/trunk/utilities': svn:externals : ZODBTools svn://svn.zope.org/repos/main/ZODB/tags/3.4.0a2/src/scripts -- Sidnei da Silva <[EMAIL PROTECTED]> http://awkly.org - dreamcatching :: making your dreams come true http://www.enfoldsystems.com http://plone.org/about/team#dreamcatcher <[EMAIL PROTECTED]> Why? because C++ is an excellent language for doing slow and late projects in. :) <[EMAIL PROTECTED]> dash: at least it's good for something. :) ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Paul Winkler wrote: On Wed, Apr 06, 2005 at 08:33:39AM -0400, Jim Fulton wrote: I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways: (snip) Will this all be "under the hood"? i.e. will Products have to be rewritten for 2.9? I don't know. I expect that most products would not have to be rewritten. I expect that *some* proucts would. (e.g. products that depend on key-based access control.) i.e. will I still write: security.declareProtected(SomePermission, 'foo') def foo(self): ... That will work, and I don't see a need to deprecate it. Eventually, though, I expect products to migrate to ZCML-based security declarations. ... o No support for key-based access control Don't know what that is. It was/is possible to control access to mapping items based on item values (e.g. key values). Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Wed, Apr 06, 2005 at 12:49:19PM -0400, Jim Fulton wrote: > >> o No support for key-based access control > > > > > >Don't know what that is. > > It was/is possible to control access to mapping items > based on item values (e.g. key values). OK... I've never used this AFAIK. Anybody know if it's a widely used feature? -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Wed, Apr 06, 2005 at 12:49:19PM -0400, Jim Fulton wrote: | >i.e. will I still write: | > | >security.declareProtected(SomePermission, 'foo') | >def foo(self): | >... | | That will work, and I don't see a need to deprecate it. | Eventually, though, I expect products to migrate to | ZCML-based security declarations. BTW, Five already allows ZCML-based security declarations, to the extent supported by Zope 2. You can't protect assigning to instance attributes by a permission until we move to Zope 3 security implementation. | It was/is possible to control access to mapping items | based on item values (e.g. key values). Is this related in any way to having a dictionary or callable in __allow_access_to_unprotected_subobjects__? I ask because we just started abusing this one *wink*. -- Sidnei da Silva <[EMAIL PROTECTED]> http://awkly.org - dreamcatching :: making your dreams come true http://www.enfoldsystems.com http://plone.org/about/team#dreamcatcher we are the knights who say INT! SHORT! and UNSINNNED LONGG! ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Five within Zope 2.8 - really cool !
Andreas Jung wrote: I just would like to thank everyone working on the Five integration with Zope 2.8. It's really easy and fun to work with views, view classes, adapters and interfaces in a Zope 2 environment. I've always tried to get around Zope 3 somehow but now I am at the point where I am really convinced and healed :-) It was a good decision to ship Five now instead in Zope 2.9 or so. I am sure Five will make Z2 application design a lot more straight forward and cleaner...thanks...great work. Thanks on behalf of the Five developers and integrators! That's very nice to hear, especially coming from you! Regards, Martijn ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Zope 2.7.6 release schedule
The schedule for the next Zope release is a follows: 2.7.6 b1: April 13th 2.7.6 RC1: April 20th 2.7.6 final: April 27th Although 2.7.5 had been relased lately, yesterdays hotfix and another bug justify a new release this month. Andreas pgplUhIIumTkV.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Jim Fulton wrote at 2005-4-6 08:33 -0400: > >I very much want Zope 2.9 to use Zope 3's security architecture. >Zope 3's security architecture is far more robust, but it is different >in some significant ways: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... Hopefully, such a major change will not require 4, 5, 6 minor releases and years for stabilazation... -- Dieter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Sidnei da Silva wrote: ... Is this related in any way to having a dictionary or callable in __allow_access_to_unprotected_subobjects__? I ask because we just started abusing this one *wink*. I believe so. I don't remember the details. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
Dieter Maurer wrote: Jim Fulton wrote at 2005-4-6 08:33 -0400: I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... Hopefully, such a major change will not require 4, 5, 6 minor releases and years for stabilazation... Hopefully not. It depends on whether people choose to test their application during the beta cycle or during the release cycle. This will be a *big* change. Possibly, this will be bigger than the change from 2.7 to 2.8. I do think it will provide significant benefits that justify the pain. Of course, when we try it, we may find it is too painful and we'll have to reconsider. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] SiteRoot and VHM
After spending an hour helping someone debug a site that had an hidden SiteRoot somewhere that prevented a virtual host monster from working, it was suggested to me that if there's a virtual host monster, it should take precedence (and deactivates) any further SiteRoot. I think it's a good idea. Should I create a patch ? Florent -- Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 7 Apr 2005 02:49 am, Jim Fulton wrote: > Paul Winkler wrote: > > i.e. will I still write: > > > > security.declareProtected(SomePermission, 'foo') > > def foo(self): > > ... > > That will work, and I don't see a need to deprecate it. > Eventually, though, I expect products to migrate to > ZCML-based security declarations. Is this a general trend for Zope 2? I'd rather see Zope 2 kinda avoid ZCML if possible. It's just one of those personal preference things, I suppose, but I know I'm not the only one who isn't that enamored of the ZCML approach. I actually like having the declarations all in the python code like it is in Zope 2. I'd like to see the declarative style that Zope 2 move to using decorators. I was sitting in a presentation at PyCon talking about MetaClasses, and I finally *got* them. I realised that the security declarations in Zope 2 are a perfect fit for metaclasses and decorators. If only I had the time to actually implement this dream ;) Note that this all comes from the perspective of someone whose only exposure to Zope 3 has been through two sprints. I've not actually tried to develop any sort of application using it. My day job is very firmly fixed in Zope 2, and isn't likely to change for a long time. So I'm definitely speaking from ignorance of real-world application development in Zope 3. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCVIIirGisBEHG6TARAowSAKCGSgaIkZeLJfg1NFlnzKdhOZDa3QCePu30 f5MPM1sUwbBEVykehbyNH7o= =v736 -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
--On Mittwoch, 6. April 2005 21:59 Uhr +0200 Dieter Maurer <[EMAIL PROTECTED]> wrote: Jim Fulton wrote at 2005-4-6 08:33 -0400: I very much want Zope 2.9 to use Zope 3's security architecture. Zope 3's security architecture is far more robust, but it is different in some significant ways: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... I don't know exactly to which changes do you refer. Either little people that this problem or people did not use these releases or people did not test enough or people did not contribute enough to fix this bug in time *wink*. -aj pgpU4uTM9RZcM.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] SiteRoot and VHM
On Apr 7, 2005, at 1:45, Florent Guillaume wrote: After spending an hour helping someone debug a site that had an hidden SiteRoot somewhere that prevented a virtual host monster from working, it was suggested to me that if there's a virtual host monster, it should take precedence (and deactivates) any further SiteRoot. I think it's a good idea. Wouldn't that fall under "Unexpected new behavior"? VHMs have always been "inert" objects that don't do anything unless you specifically use the Mappings tab or you hand them magic URL path elements. That was their beauty as opposed to the "dangerous" SiteRoot. Now you propose adding magic. Magic is BAD, IMHO. -0 on the trunk, but -1 for any maintenance branch. jens ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
On Apr 7, 2005, at 6:50, Andreas Jung wrote: Even small modifications to the security machinery tend to end up in lots of problems. The latest prominent example: the changes introduced with Zope 2.7.3: It took two releases (until 2.7.5) and more than 6 months (at least in my memory) before everything worked again as it should... I don't know exactly to which changes do you refer. Either little people that this problem or people did not use these releases or people did not test enough or people did not contribute enough to fix this bug in time *wink*. This is probably in reference to some overeager security checks that caused login boxes in unexpected places. Jim and Tres fixed that for 2.7.5. I thought that problem was older than 2.7.3, though. jens ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )