[Zope-Checkins] SVN: Zope/branches/tseaver-retire_zpkg/ Branch to back out 'zpkg'-based releases for Zope 2.9+.
Log message for revision 68803: Branch to back out 'zpkg'-based releases for Zope 2.9+. Changed: A Zope/branches/tseaver-retire_zpkg/ -=- Copied: Zope/branches/tseaver-retire_zpkg (from rev 68802, Zope/branches/2.9) ___ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins
[Zope-Checkins] SVN: Zope/branches/tseaver-retire_zpkg/buildsupport/ No buildsupport.
Log message for revision 68804: No buildsupport. Changed: D Zope/branches/tseaver-retire_zpkg/buildsupport/ -=- ___ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins
[Zope-Checkins] SVN: Zope/branches/tseaver-retire_zpkg/releases/ No 'releases'.
Log message for revision 68805: No 'releases'. Changed: D Zope/branches/tseaver-retire_zpkg/releases/ -=- ___ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins
[Zope-Checkins] SVN: Zope/branches/tseaver-retire_zpkg/ Note dropping of 'zpkg'; use a current version number.
Log message for revision 68810: Note dropping of 'zpkg'; use a current version number. Changed: U Zope/branches/tseaver-retire_zpkg/doc/CHANGES.txt U Zope/branches/tseaver-retire_zpkg/setup.py -=- Modified: Zope/branches/tseaver-retire_zpkg/doc/CHANGES.txt === --- Zope/branches/tseaver-retire_zpkg/doc/CHANGES.txt 2006-06-23 23:30:41 UTC (rev 68809) +++ Zope/branches/tseaver-retire_zpkg/doc/CHANGES.txt 2006-06-24 03:03:22 UTC (rev 68810) @@ -18,6 +18,9 @@ Bugs fixed + - Returned to the classic './configure make make install' +recipe, dropping the use of 'zpkg' for building Zope2 releases. + - OFS Application: Updated deprecation warnings. Support for '__ac_permissions__' and 'meta_types' will be removed in Zope 2.11, 'methods' support might remain longer. Modified: Zope/branches/tseaver-retire_zpkg/setup.py === --- Zope/branches/tseaver-retire_zpkg/setup.py 2006-06-23 23:30:41 UTC (rev 68809) +++ Zope/branches/tseaver-retire_zpkg/setup.py 2006-06-24 03:03:22 UTC (rev 68810) @@ -34,6 +34,7 @@ --install-platlib=/usr/local/lib/zope \ --install-purelib=/usr/local/lib/zope +ZOPE_VERSION = '2.9.4-alpha' import glob import os @@ -447,7 +448,7 @@ setup(name='Zope', author=AUTHOR, - version=2.8, + version=ZOPE_VERSION, maintainer=Zope Corporation, maintainer_email=zope-dev@zope.org, url = http://www.zope.org/;, ___ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins
[Zope] Basic Authentication SSL Redirector
Hi, After having started the thread about securing CookieCrumbler[1], I figured out that it was better to secure Basic Authentication instead. So, I just created a new Product, called JMSSLBasicAuth[2], which is based on the CookieCrumbler Transversal Hook. Instead of Cookie Authentication, I will redirect insecure Basic Authentication requests to ssl. I have tested it and it seems to work. I'm planning to use it in production websites, so, I would really appreciate if you could give me some constructive feedback about the product (See reference [2]), ie: what can I improve, change, or add? Thanks in advanced Josef [1] SSL Redirect for CookieCrumbler http://mail.zope.org/pipermail/zope/2006-June/166784.html [2] JMSSLBasicAuth - Secure Basic Authentication Redirector http://www.zope.org/Members/jmeile/JMSSLBasicAuth ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Basic Authentication SSL Redirector
Josef Meile schrieb: Hi, After having started the thread about securing CookieCrumbler[1], I figured out that it was better to secure Basic Authentication instead. So, I just Which is actually identically :-) Its just a different HTTP-Header involved :-) created a new Product, called JMSSLBasicAuth[2], which is based on the CookieCrumbler Transversal Hook. Instead of Cookie Authentication, I will redirect insecure Basic Authentication requests to ssl. You remember to stay in ssl once you switched? I have tested it and it seems to work. I'm planning to use it in production websites, so, I would really appreciate if you could give me some constructive feedback about the product (See reference [2]), ie: what can I improve, change, or add? I'd think you could add the redirection support (which can indeed be usefull and simplify configuration) in a way not disabling cookie-auth the same time. (For example you cannot really log out with Basic Auth) Regards Tino Wildenhain ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Basic Authentication SSL Redirector
After having started the thread about securing CookieCrumbler[1], I figured out that it was better to secure Basic Authentication instead. So, I just Which is actually identically :-) Its just a different HTTP-Header involved :-) Yes, but you won't send your credentials in plane text as you do with CookieCrumble, will you? created a new Product, called JMSSLBasicAuth[2], which is based on the CookieCrumbler Transversal Hook. Instead of Cookie Authentication, I will redirect insecure Basic Authentication requests to ssl. You remember to stay in ssl once you switched? Let's say I remember that. Let's also say that the user turns manually back to http, then an Unauthorized Exception will be raised by zope, so, he will be redirect again to ssl, where an HTTP-Header where already set. I checked it with the Live HTTP Headers of Firefox, and here the user won't send his credentials while switching to http, what you will see is this: -- http://some_url/folder1 GET /folder1 HTTP/1.1 Host: some_ip User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive HTTP/1.x 302 Moved Temporarily Date: Fri, 23 Jun 2006 12:02:34 GMT Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1 Bobo-Exception-Line: 313 Content-Length: 2686 Bobo-Exception-Value: See the server error log for details Bobo-Exception-File: Expressions.py Bobo-Exception-Type: Unauthorized X-Zopeuser: Anonymous Location: https://some_url/folder1/index_html Content-Type: text/html WWW-Authenticate: basic realm=Zope Keep-Alive: timeout=5, max=100 Connection: Keep-Alive -- https://some_url/folder1/index_html GET /folder1/index_html HTTP/1.1 Host: some_ip User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Authorization: Basic YWRtaW46Zm9vcGFzcw== HTTP/1.x 200 OK Date: Fri, 23 Jun 2006 12:02:34 GMT Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1 Content-Length: 156 Content-Type: text/html X-Zopeuser: admin Keep-Alive: timeout=5, max=100 Connection: Keep-Alive -- On the contratry, with CookieCrumbler you will the your credentials encoded in base64, which can be easily decoded. I have tested it and it seems to work. I'm planning to use it in production websites, so, I would really appreciate if you could give me some constructive feedback about the product (See reference [2]), ie: what can I improve, change, or add? I'd think you could add the redirection support (which can indeed be usefull and simplify configuration) in a way not disabling cookie-auth the same time. (For example you cannot really log out with Basic Auth) I think you can, or how is it done in the ZMI? If I'm not wrong, there is something like a zmi_logout script, which raises an Unauthorized Exception, then you will see the popup window asking your credentials. Regards Josef ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: Basic Authentication SSL Redirector
Josef Meile schrieb: After having started the thread about securing CookieCrumbler[1], I figured out that it was better to secure Basic Authentication instead. So, I just Which is actually identically :-) Its just a different HTTP-Header involved :-) Yes, but you won't send your credentials in plane text as you do with CookieCrumble, will you? Well, its more or less exactly the same as with BasicAuth :-) (base64 plaintext vs. plaintext in html forms does not really matter) created a new Product, called JMSSLBasicAuth[2], which is based on the CookieCrumbler Transversal Hook. Instead of Cookie Authentication, I will redirect insecure Basic Authentication requests to ssl. You remember to stay in ssl once you switched? Let's say I remember that. Let's also say that the user turns manually back to http, then an Unauthorized Exception will be raised by zope, so, he will be redirect again to ssl, where an HTTP-Header where already set. I checked it with the Live HTTP Headers of Firefox, and here the user won't send his credentials while switching to http, what you will see is this: -- http://some_url/folder1 GET /folder1 HTTP/1.1 Host: some_ip User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive HTTP/1.x 302 Moved Temporarily Date: Fri, 23 Jun 2006 12:02:34 GMT Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1 Bobo-Exception-Line: 313 Content-Length: 2686 Bobo-Exception-Value: See the server error log for details Bobo-Exception-File: Expressions.py Bobo-Exception-Type: Unauthorized X-Zopeuser: Anonymous Location: https://some_url/folder1/index_html Content-Type: text/html WWW-Authenticate: basic realm=Zope Keep-Alive: timeout=5, max=100 Connection: Keep-Alive -- https://some_url/folder1/index_html GET /folder1/index_html HTTP/1.1 Host: some_ip User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Authorization: Basic YWRtaW46Zm9vcGFzcw== HTTP/1.x 200 OK Date: Fri, 23 Jun 2006 12:02:34 GMT Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1 Content-Length: 156 Content-Type: text/html X-Zopeuser: admin Keep-Alive: timeout=5, max=100 Connection: Keep-Alive -- nice password btw ;) Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Import Modules
Hello, I manage my own servers developing web applications and I would like to remove the import restrictions of python modules in python scripts. Is it possible? How can I allow other modules to be imported? I have been using external modules but it is starting to become nonproductive since I have to create functions to simple problems like md5, re, etc, and just using the needed modules would be much simple. I use Zope as an application server and my clients do not have access to the ZMI, so I'm not concerned with protection against misuse by my clients. Thanks in advance, -- Luiz Fernando B. Ribeiro ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Import Modules
Luiz Fernando B. Ribeiro wrote: Hello, I manage my own servers developing web applications and I would like to remove the import restrictions of python modules in python scripts. Is it possible? How can I allow other modules to be imported? I have been using external modules but it is starting to become nonproductive since I have to create functions to simple problems like md5, re, etc, and just using the needed modules would be much simple. I use Zope as an application server and my clients do not have access to the ZMI, so I'm not concerned with protection against misuse by my clients. Thanks in advance, I recall seeing some documentation about this use case somewhere. I think it was in the folder with the python scripts product. -Jim Washington ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Import Modules
- Original Message - From: Luiz Fernando B. Ribeiro [EMAIL PROTECTED] To: zope@zope.org Sent: Friday, June 23, 2006 8:40 AM Subject: [Zope] Import Modules Hello, I manage my own servers developing web applications and I would like to remove the import restrictions of python modules in python scripts. Is it possible? How can I allow other modules to be imported? I have been using external modules but it is starting to become nonproductive since I have to create functions to simple problems like md5, re, etc, and just using the needed modules would be much simple. I use Zope as an application server and my clients do not have access to the ZMI, so I'm not concerned with protection against misuse by my clients. This may get you pointed in the right direction: http://plone.org/documentation/how-to/using-unauthorized-modules-in-scripts hth Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Import Modules
--On 23. Juni 2006 09:40:41 -0300 Luiz Fernando B. Ribeiro [EMAIL PROTECTED] wrote: Hello, I manage my own servers developing web applications and I would like to remove the import restrictions of python modules in python scripts. Is it possible? How can I allow other modules to be imported? I have been using external modules but it is starting to become nonproductive since I have to create functions to simple problems like md5, re, etc, and just using the needed modules would be much simple. Check for allow_module(). However this is *not* a solution for all and everything. There are several that will define not work properly with PythonScript (including 're'). If you need unrestricted access to Python: use external method or write a Zope product. If you're in CMF country: check out TrustedExecutables. All other approaches are just the wrong way... -aj pgpeJqGUmBSBh.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Basic Authentication SSL Redirector
Yes, but you won't send your credentials in plane text as you do with CookieCrumble, will you? Well, its more or less exactly the same as with BasicAuth :-) (base64 plaintext vs. plaintext in html forms does not really matter) Yes, but if you set only the authentication header in https and manually came back to http, then will you send your password in plain text? -- https://some_url/folder1/index_html GET /folder1/index_html HTTP/1.1 Host: some_ip User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Authorization: Basic YWRtaW46Zm9vcGFzcw== HTTP/1.x 200 OK Date: Fri, 23 Jun 2006 12:02:34 GMT Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1 Content-Length: 156 Content-Type: text/html X-Zopeuser: admin Keep-Alive: timeout=5, max=100 Connection: Keep-Alive -- nice password btw ;) Yes, a test password off course ;-). Will this being sent encrypted? ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: Basic Authentication SSL Redirector
Josef Meile schrieb: Yes, but you won't send your credentials in plane text as you do with CookieCrumble, will you? Well, its more or less exactly the same as with BasicAuth :-) (base64 plaintext vs. plaintext in html forms does not really matter) Yes, but if you set only the authentication header in https and manually came back to http, then will you send your password in plain text? No you dont. Cookies have a setting for that. Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Issue 1896: manage_changeProperties() vs manage_addProperty()
Berthold Stöger wrote: Hello, in Issue #1896 (http://www.zope.org/Collectors/Zope/1896), I describe a difference in the behaviour of manage_changeProperties() and of manage_addProperty(): An array of ints is converted to an array of strings with manage_addProperty(), but not with manage_changeProperties(). You closed the bug with the following comment: Type converters only deal with the outer type but not with the types of contained elements. This should be handled on the application level. Well, first of all this isn't true as my script shows (note: the report has a buggy test script, correct one attached): When using manage_addProperty(), the contents of the array *are* converted from integers to strings. Or maybe I'm reading you wrong? Furthermore, this still doesn't explain why the two functions behave differently. Digging a bit deeper, I found out that the culprit is in lib/python/OFS/PropertyManager.py: In manage_addProperty() the type_converter is always called, but in _updateProperty() the type_converter is only called if the value is a string. Similar code can be found in lib/python/OFS/PropertySheets.py Maybe there is some reason for this behaviour, but I can't think of one. Either of the following diffs (of course not both!) fixes the problem for me: I've reopened the bug. Florent -- Florent Guillaume, Nuxeo (Paris, France) Director of RD +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Import Modules
Andreas Jung wrote: I manage my own servers developing web applications and I would like to remove the import restrictions of python modules in python scripts. Is it possible? How can I allow other modules to be imported? I have been using external modules but it is starting to become nonproductive since I have to create functions to simple problems like md5, re, etc, and just using the needed modules would be much simple. Check for allow_module(). However this is *not* a solution for all and everything. There are several that will define not work properly with PythonScript (including 're'). See Products/PythonScripts/README.txt for a description of how to enable regexps in python scripts. Florent -- Florent Guillaume, Nuxeo (Paris, France) Director of RD +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Import Modules
Andreas Jung wrote: I manage my own servers developing web applications and I would like to remove the import restrictions of python modules in python scripts. Is it possible? How can I allow other modules to be imported? I have been using external modules but it is starting to become nonproductive since I have to create functions to simple problems like md5, re, etc, and just using the needed modules would be much simple. Check for allow_module(). However this is *not* a solution for all and everything. There are several that will define not work properly with PythonScript (including 're'). See Products/PythonScripts/README.txt for a description of how to enable regexps in python scripts. Sorry, I meant Products/PythonScripts/module_access_examples.py Florent -- Florent Guillaume, Nuxeo (Paris, France) Director of RD +33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Improved Zope Org Proposal
Sorry for the cross-post; lets but wanted to make sure those on the zope-web list saw this. Lets keep this on the zope list going forward. For sometime, we have tried to coordinate various numbers of people in the community to get an improved Zope.org up and functional. Some of this improvement was through the 'visual' look and feel of the site and the other was by cleaning up what has been often thought as unmaintainable code as well as reducing the content scope of Zope.org. During this time, it was largely agreed that the zope.org site would highlight ZOPE the technology, Documentation, the products found in the Zope Code Repository, and highlight the community, to offload features which people had previously relied on zope.org for in the past. The current zope.org site would remain available for some time while a (tedious) and manual migration of content deemed beneficial would be placed on the new site. To the best of my knowledge, this is still agreed on by all those who over the months participated in countless #zope-web irc chats and discussions on the mailing lists. It then came to technology. Some cared some didn't. I personally didn't if the result was something which the community could be proud of and not make excuses for as they directed people to the site. This caused some stalling of the momentum. We had many ideas, some text which is in svn at codespeak, and artisitic work being done. Geoff Davis contacted me with a proposal which would get this move started and has offered resources to accomplish this to finally happen. They currently have taken the artistic work done by Tom Von Lahndorff and put it online at http://new.zope.nl for preview. I'd like to forward Geoff's proposal to the list, now that the Zope Foundation is setup to act on this generous offer by members of the community. I'd like to see this get blessed so we can move forward and finally get a site which has a focused scope and is something the community can be proud of. I have done some minor editorial changes to reflect discussions back and forth since the initial offering. A group of people in the (Plone) community have volunteered their time and resources to put together an improved, **interim** zope.org site. We understand that work is underway on a longer-term zope.org solution -- the current initiative is not intended to replace this longer-term work; rather, the goal is to improve upon the existing zope.org site until something better is put together. I am appending a sketch of the vision and would like very much to hear your feedback. Geoff Maintenance and Administration -- A number of people have expressed concerns about the maintenance of zope.org going forward. We share those concerns! A central goal in setting this site up is to make maintenance as painless as possible. Toward that end, we envision doing the following: * The zope.org site will be set up with the same software that runs plone.org. The sites will have different skins, of course, and will be configured a bit differently, but the underlying software will be the same. * The products on the site will all be off-the-shelf products that have an active community of developers. The current likely candidates: PlonePAS + LDAP for site management authentication, PloneHelpCenter for documentation, and PloneSoftwareCenter for software distribution. For bug tracking, either links to the existing ZC trackers or a Trac installation. * plone.org and zope.org software updates will be done at the same time and by the same people. The more similar the code/products are, the simpler it will be to update them in parallel. The Plone community will manage upgrades of the off-the- shelf code. However, if people decide to customize the code on the zope.org site, those people will then be responsible for ensuring its continued functionality during upgrades. This should be discouraged without valid requirements someone is willing to 'pay' for, either with $ or labor. * zope.org will have a paid sysadmin. Bas van der Linden of Amaze has volunteered the services of Wichert Akkerman, the very talented sysadmin who currently administers plone.org. * zope.org will be hosted outside of ZC's servers. I believe Bas has lined up a suitable box similar to the one that runs plone.org (dual P4-class processors, lots of memory). Content --- * Volunteers from the Zope community will be responsible for the site's content. The current mock-up uses a skin designed by Tom Von Lahndorff. I imagine that the initial text and information architecture will come from the svn repository of content that Andrew Sawyers and others have been working on. See http://new.zope.nl for an initial a mock-up. The existing concept of membership for uploading bit-rot content will be retired. * Existing community content on zope.org will NOT be migrated. The