Re: [Zope] Forum

2011-01-06 Thread Ricardo Newbery


Not sure about integration but GroupServer is built on Zope.

http://groupserver.org/

Cheers,
Ric



On Jan 6, 2011, at 6:09 AM, Richard Harley wrote:

 Hello all
 
 Are there any current forums which integrate into Zope nicely? I have 
 tried Zforum and Squishdot in the past but I don't think either of these 
 two have been updated in quite a while?
 
 Thanks
 Rich
 ___
 Zope maillist  -  Zope@zope.org
 https://mail.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )
 

___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] apache rules with zope

2009-09-04 Thread Ricardo Newbery


 - Original Message -
 From: Thomas Bennett bennet...@appstate.edu


 I'm trying to serve the files on the underlying directories straight
 through
 apache with no zope interaction.

 My main site has all content on zope.  I now have content also on the
 filesystem I want to server without leaving the site.  From
 http://wiki.zope.org/zope2/ZopeAndApache I found I could supposedly  
 use a
 rewrite condition to do such. So usiing the rewrite condition:

 RewriteCond %{REQUEST_URI} !^/(usage|zusage|ead2002|asu_ead)

 I thought would work.  I have found why the usage and zusage  
 directories
 work,
 there is a usage and zusage directory on the zope system so it  
 hasn't been
 using the file system at all for any of them.

 Below is the excerpt from wiki.zope.org that explains how to do this,
 which
 doesn't work for me.

 A lot of site content is in Zope, some parts are served directly by
 apache

 For this, we use the RewriteRule? where everything is inside Zope,  
 but
 slap a
 RewriteCond? in front of it:
 RewriteCond %{REQUEST_URI} !^/(stats|manual|static_images)
 RewriteRule ^(.*) \
 http://127.0.0.1:8080/VirtualHostBase/\
 http/%{SERVER_NAME}:80/www_example_com/VirtualHostRoot$1 [L,P]




Perhaps RewriteCond doesn't support the alternation syntax in the  
conditional pattern.  Not sure as I never use RewriteCond.  Most cases  
are easier written with just RewriteRules alone, like so:

RewriteRule ^/(stats|manual|static_images) - [L]
RewriteRule ^(.*) \
http://127.0.0.1:8080/VirtualHostBase/\
http/%{SERVER_NAME}:80/www_example_com/VirtualHostRoot$1 [P]

Ric





___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-24 Thread Ricardo Newbery
Ryan,

Thanks for the quick work on resolving this.  :-)

Ric



On Jul 24, 2009, at 10:15 AM, ryan_per...@mcafee.com wrote:

 Ok, the final analysis is as follows:

 We had an incorrect version regex that matched 2.10 the same as  
 2.1.  This issue seems to only affect zope version 2.0 through  
 2.5.01.  This lead to the vulnerability showing up with recent  
 versions of zope being scanned.

 We are fixing both the regex and the suggested fix.  The new  
 suggested fix will be to update to the appropriate version of zope  
 (in this case, post 2.5.01), not to replace it with something else.   
 This fix should be updated within the next week or so.

 If you have any further questions pertaining to McAfee (or  
 Foundstone) security reports, please feel free to contact me  
 directly, or via secur...@mcafee.com.  I am not a full time member  
 of this list, so I may not see any replies or questions made only to  
 the list.


 -Original Message-
 From: Permeh, Ryan
 Sent: Friday, July 24, 2009 9:53 AM
 To: li...@zopyx.com
 Cc: zope@zope.org
 Subject: RE: [Zope] HTTP Request Denial of Service Vulnerability

 It is not related the specified hotfix.  I'm getting details now,  
 but this is how it seems:
 1. this is from the Foundstone product, not a public advisory.  The  
 Foundstone product is a vulnerability scanner, and it seems that it  
 feels that the original poster's site is vulnerable to the stated  
 issue.
 2. The vulnerability check was written and published in 2002.
 3. I am looking into details regarding both what the details of this  
 issue originally were, and what we look for to trigger it's existence.

 This leads to a couple observations.

 1.  This is likely a false positive, unless the original poster was  
 running ridiculously old software.
 2. We will fix the check logic or remove the check entirely.  Checks  
 this old rarely add much value to the product
 3. In any case, if the check stays, we will update the text.  I'm  
 not sure who wrote the original text in 2002, but it obviously  
 doesn't apply now.


 -Original Message-
 From: Andreas Jung [mailto:li...@zopyx.com]
 Sent: Friday, July 24, 2009 9:43 AM
 To: Permeh, Ryan
 Cc: zope@zope.org
 Subject: Re: [Zope] HTTP Request Denial of Service Vulnerability

 Hi,




 On 24.07.09 18:24, ryan_per...@mcafee.com wrote:
 I manage product security at McAfee, of which Foundstone is a  
 part.  I am not aware of releasing such an advisory, and am looking  
 into this.  Could we get details regarding where this was found?   
 Was this posted to a web site?  A security mailing list?  And when  
 was it posted?  This may have a very different meaning if it was  
 published in 2001 or something like that.  Alternately, Foundstone  
 produces a vulnerability management software, was this in a report  
 generated by that product?


 I have no idea what you are talking about.

 We had this strange mail thread this week:

 http://mail.zope.org/pipermail/zope/2009-July/175308.html

 related to this hotfix

 http://www.zope.org/Products/Zope/Hotfix-2008-08-12

 Now how is this related to  HTTP Request Denial of Service  
 Vulnerability ???

 I can not find anything related to the subject within the list of  
 our hotfixes (which is pretty small since 2000):

 ___
 Zope maillist  -  Zope@zope.org
 http://mail.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-21 Thread Ricardo Newbery

On Jul 19, 2009, at 11:04 PM, TsungWei Hu wrote:

 The observation and recommendation is specifically generated by  
 Foundstone Labs' software.
 It's my fault to suggest that might be related to Hotfix-2008-08-12.
 From my side, I will try to stop improper information from  
 Foundstone lab.

 Thanks, marr


Which Foundstone software/service generated this bogus advisory?   
Details please.

Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] HTTP Request Denial of Service Vulnerability

2009-07-19 Thread Ricardo Newbery

It might be premature to blame this on Foundstone.  I can't seem to  
find this security advisory online at all.  No advisory id was  
included nor any reference at all and the recommendation doesn't look  
at all like what usually comes from a legit advisory.  I smeil a fake.

Ric



On Jul 19, 2009, at 7:55 PM, Chris McDonough wrote:

 I just sent the below via http://www.foundstone.com/us/contact-form.aspx 
  .  I'd
 suggest that others do the same; this company is totally wrong about  
 this
 conclusion...

 You recently issued a security warning to the effect:

 
 = Name =

 Zope HTTP Request Denial of Service Vulnerability

 = Description =

 A vulnerability in Zope may allow a remote attacker to manually  
 shutdown the system.

 = Observation =

 The Zope Web Content Management system has been identified with a  
 critical
 denial of service vulnerability. A malicious attacker could manually  
 shutdown
 the target system remotely via a custom web HTTP field request. This
 vulnerability is especially dangerous as the kill packet can be  
 completely
 forged thereby increasing the difficulty when tracking would be  
 intruders and
 attackers.

 = Recommendation =

 Although the Zope development environment is one of the largest and  
 most widely
 supported open source web content management solutions, it has been  
 plagued with
 exploitable vulnerabilities. Due to the nature of the software and  
 shear number
 of vulnerabilities, Foundstone Labs recommends you consider  
 utilizing a
 different content management solution and at a minimum upgrade your  
 software.
 Zope updates can be freely downloaded from www.zope.org
 

 Your conclusion here is wrong.  This particular vulnerability is  
 for Zope
 installations who offer the ability for *untrusted users* to add  
 code through
 the web.  This is not the default setup; a user needs to explicitly  
 enable such
 a setup. The conclusion is akin to saying that people should not use  
 Zope
 because they might do something bad to Zope if they have access to the
 administrative interface.  This is the case with *any* application  
 server or
 content management system.

 I'd suggest getting a little more knowledge about your material  
 before scaring
 folks.  The Zope folks do full-disclosure of all vulnerabilities;  
 it's up to you
 to discern the scary ones from the ho hum ones. This is  
 definitely a ho-hum
 one, and in no way deserves this conclusion.

 On 7/19/09 10:42 PM, Chris McDonough wrote:
 I have no idea who Foundstone Labs is, nor if the denial of service
 vulnerability they're talking about is indeed the one fixed by
 http://www.zope.org/advisories/advisory-2008-08-12/ but:

 a) if it is, if you read it closely, you'll note that it's for Zope  
 instances
 where untrusted users have unrestricted access to the ZMI and the  
 ability to add
 Python Scripts.  Do you have such a setup?

 b) Zope has historically been *very* secure; this company is utterly,
 completely, and hopelessly clueless (nor can they spell sheer).   
 If you want
 *real* security horror, I'd suggest taking their advice and  
 upgrading to any
 PHP based solution. ;-)

 - C


 On 7/19/09 10:06 PM, TsungWei Hu wrote:
 I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a
 security notice as follows. Is it sufficient to fix this just  
 installing
 http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ? Thanks, /marr/

 = Name =

 Zope HTTP Request Denial of Service Vulnerability

 = Description =

 A vulnerability in Zope may allow a remote attacker to manually  
 shutdown
 the system.

 = Observation =

 The Zope Web Content Management system has been identified with a
 critical denial of service vulnerability. A malicious attacker could
 manually shutdown the target system remotely via a custom web HTTP  
 field
 request. This vulnerability is especially dangerous as the kill  
 packet
 can be completely forged thereby increasing the difficulty when  
 tracking
 would be intruders and attackers.

 = Recommendation =

 Although the Zope development environment is one of the largest  
 and most
 widely supported open source web content management solutions, it  
 has
 been plagued with exploitable vulnerabilities. Due to the nature  
 of the
 software and shear number of vulnerabilities, Foundstone Labs  
 recommends
 you consider utilizing a different content management solution and  
 at a
 minimum upgrade your software. Zope updates can be freely downloaded
 from www.zope.orghttp://www.zope.org


 

 ___
 Zope maillist  -  Zope@zope.org
 http://mail.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists -
   http://mail.zope.org/mailman/listinfo/zope-announce
   http://mail.zope.org/mailman/listinfo/zope-dev )

 ___
 Zope maillist  -  Zope@zope.org
 

Re: [Zope] Mod_Rewrite port 8080

2009-04-06 Thread Ricardo Newbery

On Apr 6, 2009, at 10:01 AM, Bobby wrote:


 Hi,

 I want to use mod_rewrite on Apache to redirect http://internal:80/internal 
  to http://internal:8080/internal so that when the user request 
 http://internal:80/internal 
 , the Zope folder foo will be served up. I still want http://internal:80/ 
  to stay intact so that the contents from port 80 will still be  
 served; just the http://internal:80/internal to point to the Zope  
 folder http://internal:8080/internal. Hope that makes sense. Could  
 someone help me out with the syntax?  Tried the syntax below but not  
 getting desired results. Thanks!

 VirtualHost internal
 ServerName internal
 RewriteEngine On
 RewriteRule ^/(.*) 
 http://internal:8080/VirtualHostBase/http/internal:80/internal/VirtualHostRoot/$1
  
  [L,P]
 /VirtualHost



http://www.google.com/search?q=Virtual+Host+Monster+Inside+Out;

 RewriteRule ^internal/(.*) 
 http://internal:8080/VirtualHostBase/http/internal:80/internal/VirtualHostRoot/_vh_internal/$1
  
  [P]



Ric



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] How do I migrate CacheFu

2008-04-16 Thread Ricardo Newbery


On Apr 16, 2008, at 6:59 PM, Manuel Vazquez Acosta wrote:


Hi all,

I'm moving a Plone site from one server to another. At the same time I
have upgraded Plone 2.5 to 2.5.5.

I have managed to move all contents without major problems.

Now I'm dealing with CacheFu. It refuses to enabled. I digged into the
code and notice this:

265 if installed_version != __version__:
266  	# CacheSetup hasn't migrated yet so let's disable  
it.

267 field = self.getField('enabled')
268 if field is None:
269 self._updateSchema()
270 elif field.get(self) == True:
271 field.set(self, False)
272 if getToolByName(self, config.PAGE_CACHE_MANAGER_ID,
None) is not None:
273  -  enableCacheFu(self, False)
274 
(Pdb) installed_version != __version__
True
(Pdb)


So it seems I have not properly migrated CacheFu. How do I do that?

Best regards,
Manuel.



You are on the wrong list.  Try the plone-users list instead.

Ric




___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] merging zodb's

2008-04-01 Thread Ricardo Newbery


On Apr 1, 2008, at 3:29 PM, David Bear wrote:

I have a zodb from a dead zope instance that I wanted to merge in to  
another
running zope. I thought I could use a mount point to do this and  
just specify

the old zodb for the storage in my mount point.

alas, this did not work as expect. After making the modification in my
zope.conf like this:

zodb_db support 
   # ssw file store
   filestorage
 path $INSTANCE/var/srvx-Data.fs
   /filestorage
   mount-point /support
/zodb_db

And then restarting zope and adding the mount point -- I see nothing
underneath it.

So, I assume this is NOT a valid way to merge to zodb's together?

Does anyone have an suggestions on a way I might combine 2 zodb's?



This is not well documented but I believe you can only mount a subitem  
from the database, not the root of the database.  So rename the mount  
point to the name of the subitem you want to mount and I think it  
should work.


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Re: Zeo and conflict resolution (was suddenly confused)

2008-01-30 Thread Ricardo Newbery


On Jan 30, 2008, at 9:32 AM, Tres Seaver wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ricardo Newbery wrote:


Another related question.  With respect to conflict resolution, is is
safe to assume that products (with _p_resolveConflict methods) in the
main Zope products directory are already available to the ZEO server
without any special configuration?


Only if you installed the ZEO server instance from a Zope  
software;  if
you installed it via a ZODB-only installation, then the products  
won't
be available (because they aren't shipped with the standalone ZODB  
tarball).



Thanks.  Okay, then assuming you've installed ZEO from Zope software,  
if your third-party product includes conflict resolution by  
instantiating a class defined in the Zope product directory, then is  
it also safe to assume that this product resolution is still  
available to the ZEO server?  For example, if I have the following in  
MyProduct:


from BTrees import Length

class MyClass(...):
_count = None

def incrementCount(self):
if self._count is None:
self._count = Length.Length()
self._count.change(1)

def getCount(self):
return self._count()

Then do I have to make MyProduct.MyClass available to ZEO or is it  
enough that BTrees.Length is available?


Ric



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Re: suddenly confused

2008-01-30 Thread Ricardo Newbery


On Jan 30, 2008, at 10:42 AM, Dieter Maurer wrote:


Ricardo Newbery wrote at 2008-1-29 01:19 -0800:

...
Apologies for jumping late in this thread but how precisely should
App.FindHomes be imported?


Someone else reported about a ZEO patch that does the same thing
without a need to import App.FindHomes.

If you have Zope installed and ZEO is running
in the Zope installation (shares its code), then import  
App.FindHomes

in sufficient to import App.FindHomes.



Any plans to incorporate either of these solutions in the next  
release?  I would like to avoid trying to explain how to do this to  
users of a third-party product that needs to be accessible to ZEO.




And a related question.  Any suggestions on how to support multiple
product directories like a non-zeo config?  I checked already and
zeo.conf doesn't appear to support the products directive.


App.FindHomes can be controlled via the envvar PRODUCTS_PATH.
If defined, it is a pathsep separated sequence of directories
where Zope should look for products.
It may contain %()s patterns with  from
PRODUCTS_PATH, SOFTWARE_PRODUCTS and INSTANCE_PRODUCTS.
In these cases, the pattern is replaced by the corresponding path.



Ahh... this sounds good.  So, assuming App.FindHomes in imported,  
then all I would need to explain is how to add the necessary export  
lines to zeo.conf?  (or maybe zeoctl?)


Thanks,
Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Re: Zeo and conflict resolution (was suddenly confused)

2008-01-30 Thread Ricardo Newbery


On Jan 30, 2008, at 11:17 AM, Tres Seaver wrote:


Ricardo Newbery wrote:

Okay, then assuming you've installed ZEO from Zope software,
if your third-party product includes conflict resolution by
instantiating a class defined in the Zope product directory, then is
it also safe to assume that this product resolution is still
available to the ZEO server?  For example, if I have the following in
MyProduct:

from BTrees import Length

class MyClass(...):
 _count = None

 def incrementCount(self):
 if self._count is None:
 self._count = Length.Length()
 self._count.change(1)

 def getCount(self):
 return self._count()

Then do I have to make MyProduct.MyClass available to ZEO or is it
enough that BTrees.Length is available?


That is enough:  the Length class derives from Persistent, which means
that handle their own conflict resolution:  as long as your product  
doss
no conflict resolution of its own, it doesn't need to be imported  
by the

storage server.

Tres.



Great, thanks.

Has anyone given thought to maybe providing a more general class with  
conflict resolution in the core distribution?  The Length class works  
for simple counters and I guess it can also be used for just simple  
assignments, but what about something more complicated, perhaps with  
some sort of factory defined at the moment of instantiation?


Assuming this is even possible, having such a general purpose  
conflict resolution class defined in the Zope products directory  
might make it easier to distribute a third-party product that needs a  
little conflict resolution.  Just a thought.


Ric





___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Re: Zeo and conflict resolution (was suddenly confused)

2008-01-30 Thread Ricardo Newbery


On Jan 30, 2008, at 12:59 PM, Tres Seaver wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ricardo Newbery wrote:


Has anyone given thought to maybe providing a more general class with
conflict resolution in the core distribution?  The Length class works
for simple counters and I guess it can also be used for just simple
assignments, but what about something more complicated, perhaps with
some sort of factory defined at the moment of instantiation?

Assuming this is even possible, having such a general purpose
conflict resolution class defined in the Zope products directory
might make it easier to distribute a third-party product that needs a
little conflict resolution.  Just a thought.


Custom CR code is *hard* to get right:  most people would be better  
off

using stock code (e.g., on of the tree types defined in the BTrees
package, or Length).  Those who can get it right aren't likely to need
their hands held.  ;)



I meant easier for the end user, not the developer.  It's kind of  
complicated right now to explain how to set up a ZEO configuration to  
work with your third-party product.  Makes it a bit of hurdle to  
distribute such a thing for general use.


Oops, I just realized that Length won't work for simple assignments  
as the conflict resolution assumes it's trying to resolve a counter  
(which should have been obvious, I know).  Is there zope core class I  
can use for a simple assignment, that maybe resolves conflicts by  
just picking the last value assigned?


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Re: Zeo and conflict resolution (was suddenly confused)

2008-01-30 Thread Ricardo Newbery


On Jan 30, 2008, at 1:39 PM, Chris McDonough wrote:


Ricardo Newbery wrote:

On Jan 30, 2008, at 12:59 PM, Tres Seaver wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ricardo Newbery wrote:

Has anyone given thought to maybe providing a more general class  
with
conflict resolution in the core distribution?  The Length class  
works

for simple counters and I guess it can also be used for just simple
assignments, but what about something more complicated, perhaps  
with

some sort of factory defined at the moment of instantiation?

Assuming this is even possible, having such a general purpose
conflict resolution class defined in the Zope products directory
might make it easier to distribute a third-party product that  
needs a

little conflict resolution.  Just a thought.


Custom CR code is *hard* to get right:  most people would be  
better off

using stock code (e.g., on of the tree types defined in the BTrees
package, or Length).  Those who can get it right aren't likely to  
need

their hands held.  ;)
I meant easier for the end user, not the developer.  It's kind of  
complicated right now to explain how to set up a ZEO configuration  
to work with your third-party product.  Makes it a bit of hurdle  
to distribute such a thing for general use.
Oops, I just realized that Length won't work for simple  
assignments as the conflict resolution assumes it's trying to  
resolve a counter (which should have been obvious, I know).  Is  
there zope core class I can use for a simple assignment, that  
maybe resolves conflicts by just picking the last value assigned?


There is no such thing as the last value during a conflict (only  
three states: what's in the database, and the two conflicting  
states: what connection1 says, and what connection2 says).  If the  
values are always going to have a __cmp__ method or if they can be  
otherwise compared (like integers), and if you're willing to accept  
the highest of the three states, you might use the conflict  
resolution policy of Products.Transience.Transience.py.Increaser.



Great, that's exactly what I need.  Thanks.

I also noticed another interesting option for a counter at  
Products.Transience.Transience.Length2.


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Re: suddenly confused

2008-01-29 Thread Ricardo Newbery


On Jan 19, 2008, at 10:39 AM, Dieter Maurer wrote:


Tres Seaver wrote at 2008-1-18 21:06 -0500:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Bear wrote:

I'm doing my first zeo setup, and suddenly I'm not sure about my
products directory. Do I put all products in a products directory of
the zeo server or in each zope instance?


Normally the ZEO server doesn't need to have access to the products,
which are application code.  The only exception is for products  
which

define classes having application-level conflict resolution:  in such
cases, the ZEO server must be able to import the product (or else the
conflict resolution code is not consulted).


As an additional note:

  Zope uses Python import magic to make packages available
  in INSTANCE_HOME/Products as additional products in
  the Products package.

  If some of these products need application specific conflict
  resolution, the ZEO server needs to activate this
  import magic -- by importing Zope's App.FindHomes.

--
Dieter



Dieter,

Apologies for jumping late in this thread but how precisely should  
App.FindHomes be imported?


And a related question.  Any suggestions on how to support multiple  
product directories like a non-zeo config?  I checked already and  
zeo.conf doesn't appear to support the products directive.


Ric


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope] Zeo and conflict resolution (was suddenly confused)

2008-01-29 Thread Ricardo Newbery


On Jan 29, 2008, at 1:19 AM, Ricardo Newbery wrote:


On Jan 19, 2008, at 10:39 AM, Dieter Maurer wrote:

  Zope uses Python import magic to make packages available
  in INSTANCE_HOME/Products as additional products in
  the Products package.

  If some of these products need application specific conflict
  resolution, the ZEO server needs to activate this
  import magic -- by importing Zope's App.FindHomes.

--  
Dieter



Dieter,

Apologies for jumping late in this thread but how precisely should  
App.FindHomes be imported?


And a related question.  Any suggestions on how to support multiple  
product directories like a non-zeo config?  I checked already and  
zeo.conf doesn't appear to support the products directive.


Ric



Another related question.  With respect to conflict resolution, is is  
safe to assume that products (with _p_resolveConflict methods) in the  
main Zope products directory are already available to the ZEO server  
without any special configuration?


Ric



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope] Re: ZPL and GPL: What should one consider when choosing a license?

2007-12-21 Thread Ricardo Newbery


On Dec 21, 2007, at 12:53 PM, Ross Patterson wrote:

 [snip some stuff about GPL versus ZPL]



Guys... please don't crosspost.  It's hard to follow a thread like  
this when it gets fragmented across different lists.  If you feel the  
need to solicit advice from multiple communities then IMHO it's much  
more useful (and less likely to devolve into a flame war) to start a  
separate thread for each.


For my part, I'm going to just pick one list and respond there -- I'm  
guessing that zope@zope.org is most germane.


Thanks,
Ric









___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope] Re: ZPL and GPL: What should one consider when choosing a license?

2007-12-21 Thread Ricardo Newbery



On Dec 21, 2007, at 9:48 PM, Alex Turner wrote:


au contraire - it is the ZPL which is anti-sharing in my  
estimation.  You do not have to contribute changes back to a  
project which you extend in a BSD style license, so you can take a  
BSD style licensed product, extend it, and sell it without giving a  
single thing back to the original author of the original system  
except a credit note in the copyright statement.


BSD and ZPL is share and do what you like
GPL is share and share alike

Thats the core philosophy difference.  If you like others to share  
too, then use GPL or LGPL (possibly AGPL actually, GPL doesn't  
gaurentee much of anything for application service providers as  
I've found out, which is probably most people using Plone etc.), if  
you want to give your code away then use BSD/ZPL, if you want  
changes back, then use AGPL.  And if you think it wont happen, it  
already did.  Microsoft took the BSD Kerberos code and re-purposed  
it into Windows, changed the protocol slightly and pissed off many  
people.




I would be careful about using labels like anti-sharing to describe  
individual licenses.  As you acknowledged, both licenses are used to  
share software.  ZPL-shared software comes with few strings  
attached.  GPL-shared software comes the share alike string  
attached.  It's a bit of a semantic question which is more true to  
the spirit of *sharing* so I'm going skip that debate.


Chris McDonough didn't appear to label the GPL as anti-sharing.  On  
the contrary, it's the existence of *both* licenses in the same  
community that he appears to describe as anti-sharing.  And since in  
the Zope community, the ZPL came first and is the core license, it's  
a legitimate complaint that it's the later adoption of a different  
license by a subcommunity that is the primary culprit.


Ric
(a licensing agnostic)



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope] AssertionError after update to Zope 2.8.1

2005-08-21 Thread Ricardo Newbery


Oh so close...

Migrated from Zope 2.7.2 to 2.8.1
Updated all the Catalog instances according to the instructions.
Fixed a few outdated products.

Then just for kicks, I tried to update the Python scripts by visiting 
the /manage_addProduct/PythonScripts/recompile url.  After about a 
minute, it threw up an error page.  This is what shows up in the 
log...



2005-08-21T01:56:45 ERROR txn.170046464 Error in abort() on manager 
Connection at 0956724c

Traceback (most recent call last):
  File /Zope-2.8/lib/python/transaction/_transaction.py, line 456, 
in _cleanup

  File /Zope-2.8/lib/python/ZODB/Connection.py, line 348, in abort
  File /Zope-2.8/lib/python/ZODB/Connection.py, line 360, in _abort
AssertionError
--
2005-08-21T01:56:45 ERROR Zope.SiteErrorLog 
http://someurl.com/manage_addProduct/PythonScripts/recompile

Traceback (most recent call last):
  File /Zope-2.8/lib/python/ZPublisher/Publish.py, line 119, in publish
  File /Zope-2.8/lib/python/Zope2/App/startup.py, line 215, in commit
  File /Zope-2.8/lib/python/transaction/_manager.py, line 84, in commit
  File /Zope-2.8/lib/python/transaction/_transaction.py, line 381, in commit
  File /Zope-2.8/lib/python/transaction/_transaction.py, line 379, in commit
  File /Zope-2.8/lib/python/transaction/_transaction.py, line 424, 
in _commitResources

  File /Zope-2.8/lib/python/ZODB/Connection.py, line 462, in commit
  File /Zope-2.8/lib/python/ZODB/Connection.py, line 483, in _commit
AssertionError


Nothing appears to be broken yet but I'm wondering whether I should 
roll back to my backup.  Anyone have any ideas about this error?  I'm 
tempted to just pretend that I didn't see it.

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )