On Feb 20, 2008, at 4:24 AM, Raphael Ritz wrote:
Hi Folks,
hi raphael,
at Wichert's request and in order to update us all I've just compiled the following overview.
nice job — thanks again for jumping in!
PLIP #216: Template overrides http://plone.org/products/plone/roadmap/216 https://dev.plone.org/plone/ticket/7750 -4 - never submitted (Raphael notes: not sure we are on trac here as all this is about is to include the z3c.jbot package from http://svn.zope.de/zope.org/z3c.jbot OTOH people who want that can just do it)
well, i guess first of all the fact that no bundle was officially submitted means that the code hasn't been reviewed either. so i don't think we can include it into the distribution just like that. however, that's "just" a policy issue, not a technical one. on the technical side, however, i think we shouldn't just include more and more ways of customizing plone. people, i.e. developers and integrators, are already confused more than they should be. so what we really should do is think about better ways to integrate something like jbot with customerize and the old customization story to make the whole customization story more consistent. so imo this could very well go into 3.2, but more as some part of a bigger effort in that area.
in short: i like the idea, but i'm -1 on including this _now_.
PLIP #224: CSRF protection framework http://plone.org/products/plone/roadmap/224 https://dev.plone.org/plone/ticket/7783 +2 - but either before or after merge efforts should be made to make use of those two new packages in the most important security related forms in Plone. AFAICS Andi is working on this currently but he sure would appreciate some help I guess.
yes, i am and of course help is much appreciated. however, i think there's actually not to much left to do code-wise, but having someone review the changes to make sure we're still on the right track and not forgetting any or even introducing new security-issues would be a good thing, imho. so please let me know if you're interested!
cheers, andi -- zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED] friedelstraße 31 - 12047 berlin - telefon +49 30 25563779 pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/ plone 3.0.6 released! -- http://plone.org/products/plone
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team
