On Tuesday January 6, 2009 21:08:19 Jorge Vargas wrote:
> I'm not against this per-se I'm just saying that the main reason of
> creating repoze.what (some months ago) was to emphasize it's relation
> to repoze.who, now that relationship is gone, back then it was a good
> idea, but now this project has (from an outsiders perspective) no
> relationship with repoze.* packages. It's not a "reinvention of a zope
> package" nor it depends on other repoze components. So what is it?

The way I see the Repoze project, it's _also_ about tools for arbitrary WSGI 

> The issue with repoze.what is that it was originally an authorization
> layer. This proposed change not only takes it outside the
> authorization realm, but makes it a direct competitor of repoze.who,
> instead of an extension as it was originally planned.

There's no reason why repoze.what will compete with repoze.who. repoze.who 
only focuses on authentication and identification, while repoze.what deals and 
will deal with authorization only; there's not even a single task that can be 
done with both repoze.who and repoze.what.

Right now you have to configure repoze.who through repoze.what because r.what 
has to "inject" its functionality through r.who plugins, which is ugly and 
imposes some limitations. And that's what would change, since r.what will be 
absolutely r.who-agnostic.

> So ones again I'm not saying no, I'm asking why? and if that is a
> valid reason will it still be worth naming this package repoze.what?

I'll answer with a question :) : Why not? After all, the only thing that would 
change from the user's perspective is that you would have to add two 
middlewares if you're using both r.who and r.what, instead of a single 
middleware. But under the hood, it will make things much simpler and more 
clear. And you'll get a plus: The ability to use a different 
authentication/identification framework.

Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:
Repoze-dev mailing list

Reply via email to