Lennart Regebro wrote:
On Thu, Jan 22, 2009 at 10:38, Chris Withers ch...@simplistix.co.uk wrote:
Note that Jim never explained to me how he does these audits, but I gathered
some methods he used in conversations. I think I did a pretty thorough job
during the review.
Yeah, this disturbs me a
Tres Seaver wrote:
Ugh. -1 to any attempt to use space suits in Z2. I would rather move
to a model which made it easy to mark some / all TTW objects as
trusted, disabling security checks altogether: the untrusted users
can edit TTW code use case is pretty much irrelevant for any site I
On Thu, Jan 22, 2009 at 10:38, Chris Withers ch...@simplistix.co.uk wrote:
Note that Jim never explained to me how he does these audits, but I gathered
some methods he used in conversations. I think I did a pretty thorough job
during the review.
Yeah, this disturbs me a lot still though :-S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lennart Regebro wrote:
On Thu, Jan 22, 2009 at 10:38, Chris Withers ch...@simplistix.co.uk wrote:
Note that Jim never explained to me how he does these audits, but I gathered
some methods he used in conversations. I think I did a pretty thorough
Dieter Maurer wrote:
Chris Withers wrote at 2009-1-22 09:38 +:
...
One thing that myself and Shane talked briefly about on this list was
re-implementing the AST manipulation as dissallow-by-default filter
rather than a straight manipulation. That way, unexpected stuff should
be
Shane Hathaway wrote:
Chris Withers wrote:
I don't think this is such a huge change, it's a change in the style
of what RP does already, not a complete re-implementation...
OTOH, with Python 3 now released, it seems unlikely that we'll see any
new syntax added to Python 2.x. So RP
Andreas Jung wrote at 2009-1-21 14:55 +0100:
...
TARGET=Python 2.6.X
ACCEPTABLE=Python 2.5
Python 2.4.X would be basically not acceptable but could be used
at your own risk using the --with-python option.
...
- - removing ZClasses completely
But hopefully provided by a separate
Chris Withers wrote at 2009-1-22 09:38 +:
...
One thing that myself and Shane talked briefly about on this list was
re-implementing the AST manipulation as dissallow-by-default filter
rather than a straight manipulation. That way, unexpected stuff should
be allowed by default.
The terms
Hanno Schlichting wrote at 2009-1-23 19:36 +0100:
Wichert Akkerman wrote:
Previously Tres Seaver wrote:
Andreas Jung wrote:
- removing ZClasses completely
This is done now.
Wow. This was quick!
Much quicker than fixing bugs reported in the collector :-(
--
Dieter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25.01.2009 12:44 Uhr, Dieter Maurer wrote:
Hanno Schlichting wrote at 2009-1-23 19:36 +0100:
Wichert Akkerman wrote:
Previously Tres Seaver wrote:
Andreas Jung wrote:
- removing ZClasses completely
This is done now.
Wow. This was quick!
Andreas Jung wrote at 2009-1-25 10:21 +0100:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25.01.2009 9:27 Uhr, Dieter Maurer wrote:
Andreas Jung wrote at 2009-1-21 14:55 +0100:
...
TARGET=Python 2.6.X
ACCEPTABLE=Python 2.5
Python 2.4.X would be basically not acceptable but could be
Andreas Jung wrote at 2009-1-25 12:53 +0100:
...
- removing ZClasses completely
This is done now.
Wow. This was quick!
Much quicker than fixing bugs reported in the collector :-(
Please stop bitching and fix your favorite bugs in the collector.
You have svn commit right *wink*
I will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25.01.2009 12:56 Uhr, Dieter Maurer wrote:
Andreas Jung wrote at 2009-1-25 10:21 +0100:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25.01.2009 9:27 Uhr, Dieter Maurer wrote:
Andreas Jung wrote at 2009-1-21 14:55 +0100:
...
On Sun, Jan 25, 2009 at 12:56, Dieter Maurer die...@handshake.de wrote:
I plan to provide such a package as dm.ZClasses or (maybe) Zope2.ZClasses
-- of course with some complaints against the Zope release management
in the documentation:
* cutting away useful features without any serious
Andreas Jung wrote:
On 21.01.2009 14:55 Uhr, Andreas Jung wrote:
- complete eggification (apparently pretty much done)
I tried to make an old-style full-tarball release yesterday and ran into
a problem. The setup.py in the created tarball references the 'src'
folder in some steps, which isn't
Andreas Jung wrote:
- complete eggification (apparently pretty much done)
We have to define what eggification means exactly. By now the
Zope2.buildout seems to work fine with Python 2.4-2.6. I think
we want to see Zope2 being easy_install-able. This means basically:
- a source code
Previously Laurence Rowe wrote:
It's possible to have egg dependencies on development versions of other
eggs so long as there is an svn egg link on the pypi page.
For example in zope.sqlalchemy's pypi page I include a link like to:
Martijn Pieters wrote at 2009-1-25 13:29 +0100:
On Sun, Jan 25, 2009 at 12:56, Dieter Maurer die...@handshake.de wrote:
I plan to provide such a package as dm.ZClasses or (maybe) Zope2.ZClasses
-- of course with some complaints against the Zope release management
in the documentation:
*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25.01.2009 20:09 Uhr, Dieter Maurer wrote:
Martijn Pieters wrote at 2009-1-25 13:29 +0100:
On Sun, Jan 25, 2009 at 12:56, Dieter Maurer die...@handshake.de wrote:
I plan to provide such a package as dm.ZClasses or (maybe)
Zope2.ZClasses
-- of
Andreas Jung wrote at 2009-1-25 20:19 +0100:
...
Please stop the discussion. The majority of Zope developers considers
the ZClasses programming model as not up2date and not flexible enough
when it comes to extensibility and scalability.
That's why we don't want
ZClasses being part of Zope 2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25.01.2009 20:34 Uhr, Dieter Maurer wrote:
Andreas Jung wrote at 2009-1-25 20:19 +0100:
...
Please stop the discussion. The majority of Zope developers considers
the ZClasses programming model as not up2date and not flexible enough
when it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 21.01.2009 14:55 Uhr, Andreas Jung wrote:
- complete eggification (apparently pretty much done)
We have to define what eggification means exactly. By now the
Zope2.buildout seems to work fine with Python 2.4-2.6. I think
we want to see Zope2
Previously Tres Seaver wrote:
Andreas Jung wrote:
- removing ZClasses completely
- -0. I don't want to invest effort in maintaining them, but if they are
still working for people in 2.11, I don't think we need to rip them out.
+1
There is a whole lot of legacy code surrounding Zope
On Jan 22, 2009, at 9:34 PM, Tres Seaver wrote:
I'm actually willing to abandon the big tree altogether, unless
somebody comes up with a clever way to automate it from some Z2-
specific
KGS index. I think the canonical source install would be something
like a tarball of a buildout tree,
On Friday 23 January 2009, Wichert Akkerman wrote:
I'm actually willing to abandon the big tree altogether, unless
somebody comes up with a clever way to automate it from some Z2-specific
KGS index. I think the canonical source install would be something
like a tarball of a buildout tree,
Wichert Akkerman wrote:
Previously Tres Seaver wrote:
Andreas Jung wrote:
- removing ZClasses completely
This is done now.
There is a whole lot of legacy code surrounding Zope startup and the
persistent control panel that is only there to support ZClasses.
Removing them would allow for a
Andreas Jung wrote:
- - removing ZClasses completely
...into a seperate egg/product, right?
- - how do to a traditional SVN checkout of the Zope 2 and the related
Zope 3 modules? The Zope2.buildout maintains its dependencies through
a KGS - the old-style SVN checkout uses svn:external.
Stephan Richter wrote:
On Wednesday 21 January 2009, Andreas Jung wrote:
- RestrictedPython security audit: such an audit has been made
by Stefan and Sidnei. I am not qualified to speak about the
correctness of the audit. I assume they know what they were
doing. Unless objections one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 22.01.2009 10:38 Uhr, Chris Withers wrote:
Stephan Richter wrote:
On Wednesday 21 January 2009, Andreas Jung wrote:
- RestrictedPython security audit: such an audit has been made
by Stefan and Sidnei. I am not qualified to speak about the
Andreas Jung wrote:
It's a shame Jim has so little time to spend on this...
Take your hat and collect some money for hiring Jim :-)
Zope Corp chose to assume the Zope brand for themselves, given the
prevelence of Zope 2 and RestrictedPython, it'd be nice if they could
devote some of Jim's
While we are at it...
The biggest offender is the zodbcode package, which does not appear to
pass its tests at all under Python 2.6. Not having investigated this
further I can imagine three courses of action:
1) Fix zodbcode (me shrugs)
2) Exclude zodbcode tests from the test suite
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andreas Jung wrote:
Hi there,
based on an earlier Zope 2.12 thread
http://mail.zope.org/pipermail/zope-dev/2008-October/033572.html
I propose that we get out an alpha version of Zope 2.12 by end
of February.
Chris Withers wrote:
I don't think this is such a huge change, it's a change in the style of
what RP does already, not a complete re-implementation...
OTOH, with Python 3 now released, it seems unlikely that we'll see any
new syntax added to Python 2.x. So RP doesn't really need any sort of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi there,
based on an earlier Zope 2.12 thread
http://mail.zope.org/pipermail/zope-dev/2008-October/033572.html
I propose that we get out an alpha version of Zope 2.12 by end
of February.
On Wednesday 21 January 2009, Andreas Jung wrote:
- RestrictedPython security audit: such an audit has been made
by Stefan and Sidnei. I am not qualified to speak about the
correctness of the audit. I assume they know what they were
doing. Unless objections one might consider this issue
35 matches
Mail list logo