-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hanno Schlichting wrote:
> +zope.app.applicationcontrol = 3.5.1 # 3.5.2 has incompatible changes > +zope.app.authentication = 3.6.1 # 3.6.2 has incompatible changes > +zope.app.catalog = 3.8.0 # 3.8.1 has incompatible changes > +zope.app.component = 3.8.3 # 3.8.4 has incompatible changes > +zope.app.container = 3.8.0 # 3.8.1 has incompatible changes > +zope.app.dav = 3.5.1 # 3.5.2 has incompatible changes > +zope.app.file = 3.5.0 # 3.5.1 has incompatible changes > +zope.app.generations = 3.5.0 # 3.5.1 has incompatible changes > +zope.app.http = 3.6.0 # 3.6.1 has incompatible changes > +zope.app.rotterdam = 3.5.0 # 3.5.1 has incompatible changes > +zope.app.security = 3.7.3 # 3.7.5 has incompatible changes > +zope.app.securitypolicy = 3.5.1 # # 3.5.2 has incompatible changes > +zope.app.testing = 3.7.3 # 3.7.4 has incompatible changes > +zope.app.zptpage = 3.5.0 # 3.5.1 has incompatible changes > +zope.container = 3.8.2 # 3.8.3 has incompatible changes > +zope.site = 3.6.1 # 3.6.2 has incompatible changes > +zope.traversing = 3.7.1 # 3.7.2 has incompatible changes If the comments are valid, these all smell like process fouls: a new third-dot release should not introduce backward incompatibilities. I see the following issues in the zope.app packages: - - According to the CHANGES.txt for z.a.applicationcontrol 3.5.2, the 'zope.ManageApplication' permission moved from z.a.security. Given the community's choice to tread a package's ZCML as part of its API (which I won't defend, as I disagree with it), this change should have resulted in a second-dot bump for each package when it occurred. It also pins the testing-only dependency on zope.publisher, which might or might not require a bump. - - z.a.authentication 3.6.1 both added a new testing dependency (zope.login) and bumped the required version of zope.publisher. This should have been a second-dot bump, except that zope.publisher is a testing-only depenency for the package. - - z.a.catalog 3.8.1 bumped the required version of zope.publisher. This should have been a second-dot bump, except that zope.publisher is a testing-only depenency for the package. - - z.a.component 3.8.4 bumped the required version of zope.publisher. This should have been a second-dot bump, as zope.publisher is a hard requirement for the pacakge. - - z.a.container 3.8.1 added a previously undeclared dependency on z.a.publisher. I'm not sure that this change requires a second-dot bump, or that any others would have broken Zope2. z.a.container 3.8.2 has the bump of zope.publisher as a hard dependency, and should therefore require a second-dot bump. - - z.a.dav 3.5.2 bumped the required version of zope.publisher, which is a hard requriement for the package. This should have been a second-dot bump. - - z.a.file 3.5.1 added a previously-undeclared dependency on transaction. Again, I'm not sure that this required a second-dot bump. It also bumped the zope.publisher dependency, but made it a testing-only depenency, which weakens any requirement for a second-dot bump in my mind. - - z.a.generations 3.5.1 added a new hard dependency on zope.processlifetime. This should have been a second-dot bump. - - z.a.http 3.6.1 made explicit an undeclared dependency on z.a.publisher, but also bumped the hard requirement on zope.publisher. The latter should have beeen a second-dot bump. - - z.a.rotterdam 3.5.1 bumped the required version of zope.publisher, which is a hard requriement for the package. This should have been a second-dot bump. - - In addition to issues with moving a permission noted above, z.a.security 3.7.5 (the 3.7.4 release was skipped) pins the version of zope.publisher, a hard requirement, which should also have caused a second-dot bump. - - z.a.securitypolicy 3.5.2 deleted entire modules full of BBB imports, which should have mandated a second-dot bump all on its own. - - z.a.testing has the zope.publisher bump, but only as a testing dependency. It also relies on the move of setHooks from zope.site to zope.component, but I can't tell whether that was already BBB compatible. - - z.a.zptpage 3.5.1 bumped the required version of zope.publisher, which is a hard requriement for the package. This should have been a second-dot bump. In the non-zope.app packages: - - zope.container 3.8.3 adds two view declarations in its ZCML. Again without defense of the policy, this is an "API change" for the package, and should have resulted in a second-dot bump. - - zope.site 3.6.2 pins the hard dependency on zope.component, and should therefore have been a second-dot bump. - - I cannot see that zope.traversing 3.7.2 introduced any incompatible changes. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkwNQBMACgkQ+gerLs4ltQ7tVQCcDz8MtTzHCnCz5oBqkh2Hv+Ig i04AoL2HWREWK2usey7sTSDI/gygaRz5 =LWRG -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
