agine *any* markup that would be transparent; it would pretty much
have to be embedded in whatever "comment" syntax the underlying language
defines.
Tres.
--
=======
Tres Seaver[EMAIL PROTECT
n object called
'browser_id_manager' whose job it is to generate such IDs cheaply; I
would recommend using it, instead.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Deal
_bar = Bar()
return result
# Always use self._getBar() instead of self._v_bar.
I don't think volatility is a good match for locks, which are tasked
with ensuring consistency.
Tres.
--
===
Tres Seaver
t put down people's ideas so quickly.
Exactly. Chris, note that *most* users don't want or need dynamic CSS;
this feature won't affect them.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zo
> pr.aq_acquire
>>> manage_permission("View", ["Owner"])
>>>
The real fix would be to rip out the use *anywhere* of
'self.aq_acquire'; the 'aq_aquire' function from Acquisition will
always do the Righ
t random
during a single session.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECT
things thats the problem.
Right, mostly for the same reasons you point out above: the perceived
threat isn't enough to warrant the pain.
--
===
Tres Seaver[EMAIL PRO
code here .
thread = Thread(TrustedSecurityTask(user_id))
thread.start()
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
... brackets, and
for typing code from memory after an all-day "planes, trains, and
automobiles" trip.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Deal
third party code for Zope3 was built in the test-driven culture,
and has at least some chance of migrating cleanly with confidence.
Tres.
--
===
Tres Seaver[EMAIL P
Stephan Richter wrote:
On Tuesday 13 April 2004 22:17, Tres Seaver wrote:
Of course, having two packages with names differing only in case is a
bit ugly.
Do we want to consider renaming one or both of these packages
to avoid the conflict?
-1 to renaming 'Zope'; the amount of third-
tilple users with the
same login and password exist at different "depths" from the root, but
with different roles, is not a good plan.
Is that right? If so, how do I go about implementing it? Finally, what
branches should I do this on?
Definitely not the 2.6 br
Chris Withers wrote:
Tres Seaver wrote:
Chris,
I would call the 2.6 branch "closed except for serious security bugs";
please don't check in new features or minor bugfixes there.
How come? and was this announced anywhere?
See the last topic in:
http://dev.zope.org/CVS/ZopeDev
Jim Fulton wrote:
Tres Seaver wrote:
Jim Fulton wrote:
Jim Fulton wrote:
Based on recent discussions, I've created a proposal:
http://dev.zope.org/Zope3/RenameTheZopePackage
to rename the "zope" package to "z". Unless there are strong
objections, we'll
--
--
2004-04-21T15:37:10 INFO(0) Zope Ready to handle requests
Why use the console, when you have zopectl?
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zo
s?
+1 from me.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL P
quot;MembershipTool" sometimes and most other tools not at all.
Okay, point taken. :)
How much do the tools listed interdepend on each other?
See the attached file.
Tres.
--
=======
Tres Seaver[EM
sting CVS repository in place *forever* (or until the 2.7
branch dies, whichever comes first ;).
-1 on merging *any* history prior to the creation of the 2.7 branch to
SVN; -0 on merging the mainline since then.
Tres.
--
=======
Tres S
ipped over it.
WRT DBTab: as of Zope 2.7, that product is obsolete: its functionality
has been folded into Zope.Startup's processing of the config file.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope C
Dario Lopez-Kästen wrote:
Tres Seaver wrote:
WRT DBTab: as of Zope 2.7, that product is obsolete: its
functionality has been folded into Zope.Startup's processing of the
config file.
We have to use DBTab atm because we are still using 2.6.2 in production
and we haven't tested 2
t the value on the TemporaryStorage!)
In Zope >= 2.7, zope.conf has a setting for this value.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers&
certificates.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL
ap).
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/z
s.zope.org:/cvs-repository \
co -r Zope-2_7-branch -d Zope-2.7-branch Zope
The 2.7 branch head works fine for me.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers"
the traceback be retrieved later from
sys.exc_info()?
+1; I don't want untrusted code handling tracebacks anyway.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers&
g the new
PluginRegistry code released as part of the PluggableAuthService
release; I am, however, pretty well booked up for the next few weeks.
I would be glad to advise anybody who felt called to take on such an
effort, however.
Tres.
--
======
robert rottermann wrote:
On Tue, 2004-05-18 at 14:15, Tres Seaver wrote:
I recently reworked Anthony Baxter's SQLSessions product for a
consulting customer, essentially modernizing the code and making it
compliant with the new Sessions interface (I dropped the bits which
do the
Dario Lopez-KÃsten wrote:
Tres Seaver wrote:
I recently reworked Anthony Baxter's SQLSessions product for a
consulting customer
<...snip...>
What I would like to do is revisit the effort, using the new
PluginRegistry code released as part of the PluggableAuthService
release; I
and the CMF; likewise a 'bareexcept-geddon'
(there might be a few places which are smart enough to do 'except:', but
I doubt it).
Tres.
--
===
Tres Seaver
this (I'm plannign to test that
explicitely as well).
Thoughts, suggestions, comments welcome ...
I am CC'ing Juan-David, in case he may be able to offer any insights
from the perspective of the Localizer product.
Tres.
--
===
T
t" problem.
- C
On Wed, 2004-05-19 at 14:43, Jamie Heilman wrote:
Tres Seaver wrote:
We should have a 'hasattr-geddon' and remove every trace of that
monstrosity from Zope and the CMF; likewise a 'bareexcept-geddon'
(there might be a few places which are smart enough to
em. The fact that the help system writes to the database is a
wart the size of my foot.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
__
>' is legitimate::
[/home/tseaver]
$ cat > test.xml
[/home/tseaver]
$ xmllint test.xml
I would be reluctant to duel with Daniel using my XML language lawyer chops.
Tres.
--
=======
Tres Seaver
t is still changing pretty rapidly, that hurts
more than most packages still in CVS.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers"
er remains up.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope
QUEST=None
if REQUEST is not None:
morestuf.update(REQUEST.form)
# ...
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
o me just now.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://
. If the intent is to
have the image created in the 'thumbnails' subfolder of 'self', then I
would spell your invocation as:
dispatcher = self.thumbnails.manage_addProduct['OFSP']
dispatcher.manage_addImage( )
Tres.
--
==
ule, those
> provided by this module are not able to accept Unicode strings that
> cannot be encoded as plain ASCII strings.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Deale
elsewhere, per Client.
(Untested):
# zope.conf.appserver1
%include zope.conf.common
clienthome /path/to/zope/var/appserver1
# zope.conf.appserver2
%include zope.conf.common
clienthome /path/to/zope/var/appserver2
Tres.
--
====
clone the cgi.FieldRequest set from the original request into the one
used for the retry).
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www
'zdaemon' handler, which uses a Unix-domain socket between parent and
child: we could either use a named pipe on Windows, or else a socket on
localhost, to achieve the same ends.
This would have the upside that 'zopectl' would work the same way on
windows, as well, whic
Florent Guillaume wrote:
tal:on-error is a bare except: !!
Is there any opposition to adding an
except ConflictError:
raise
in TALInterpreter::do_onError_tal ?
+10.
Tres.
--
===
Tres Seaver[EMAIL
hough I might clean up
the code a bit (the 'if not username or not password' bit). I am
presuming that the package builder for Debian allows you to include this
as a patch when packaging, and thus that you can move forward with
packaging Zope 2.7.2?
Tres.
you?
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/list
Lennart Regebro wrote:
Tres Seaver wrote:
The machinery won't be invoked for requests which don't need to
validate (e.g., for resources viewable by Anonymous). Could that be
the case for you?
No. Closer inspection seems to show that I actually don't get PAS to do
anything at al
Lennart Regebro wrote:
Tres Seaver wrote:
Here is what I just did:
1. Created a folder, 'pas_test' in the root of my Zope, with a
minimal 'index_html'.
2. Changed its security settings, removing "acquire" from the "View"
permission and gran
.
That wouldn't be a bad thing, at least when running in debug mode.
I need to get myself new commit rights at Zope.org again. ;)
Please do.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corpora
uot;
content.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://
s, with no connectivity for the
last couple. I do want to review the patch -- maybe I can get together
with ChrisM here in Vienna to look at it.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation
't
benefit from the medusa / concurrency intent of the patch, it seems as
though it might be a win (of *course* there aren't any tests for it!)
I am attaching the patch I have so far for review and comment.
Tres.
--
===
Tres
/Members/infrae/news/railroad_products_0_2
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maill
res.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/
Johan Carlsson wrote:
Tres Seaver wrote:
Johan Carlsson wrote:
What exactly is the filestream_iterator that the FileCacheManager uses?
As I understand it this is a new feature?
For Zope >= 2.7.2, ZPublisher defines an interface,
ZPublisher.Iterators.IStreamIterator. An application can return
Dieter Maurer wrote:
Tres Seaver wrote at 2004-10-9 12:04 -0400:
Stefan H. Holek wrote:
While testing a large-ish customer project under Zope 2.7.3 we found that
when an object with setDefaultAccess('deny') is used as the context for
a PythonScript, the script can no longer aquire tool
Tres Seaver wrote:
Dieter Maurer wrote:
Tres Seaver wrote at 2004-10-9 12:04 -0400:
Stefan H. Holek wrote:
While testing a large-ish customer project under Zope 2.7.3 we found
that
when an object with setDefaultAccess('deny') is used as the context for
a PythonScript, the script can
e my second patch applies).
I have not yet bee able to write a good test there yet (one which either
passes on the 2.7 head and fails for 2.7.2, or vice versa).
Tres.
--
=======
Tres Seaver[EMAIL PRO
using the argument over the guessed value (so that the application can
"fix" the problem). I agree that having different clients supply
different types is painful, but I don't think that "fixing" it at the
low level is reasonable (mechanism vs. policy).
In summary, I
tomped on.
"Guessing" should always be last in line, and used (at least by default)
only in the absence of explicit information.
Tres.
--
===
Tres Seaver
Today, 11;00-12:00 EDT, for network topology shift in the data center.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://ww
table?
I would guess that the medusa version is more neglected than the Python
one; is your experience otherwise?
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers"
ssue earlier, but couldn't cut it down to a simple case. I will
work on adding tests to AccessControl which make the intent clear (we
can still argue about whether to keep the change).
Tres.
--
===
Tres Seaver
Stefan H. Holek wrote:
On 09.10.2004, at 18:04, Tres Seaver wrote:
*By definition*, anybody who has declared 'setDefaultAccess('deny')
*wants* the behavior you describe: that declaration says, "unless I
give you explicit permission for using a name, refuse."
If Plo
il/python-list/2003-February/148277.html
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailma
t managing
bugfixes across multiple releases. We also haven't had lots
of "independent" feature work going on in the core.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation
it from a ZPT.
Doing the same on Zope 2.7.2 works fine.
To make this a useful test case, I need the product which implements the
"AccessControl Test" objects. Even better would be able to reproduce
the behviour using a minimal "dummy" class.
Tres.
--
===
Jim Fulton wrote:
Tres Seaver wrote:
Jim Fulton wrote:
3. Up to this point, we haven't had to be careful about managing
bugfixes across multiple releases.
Sure we have. We've had a release branch for
some time. Perhaps I should add:
The complaint you made earlier today (about
ecurity.setDefaultAccess(1)'),
the template which fails *should* fail; the fact that it used to
succeed was merely a security hole.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers"
oday.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailm
Andreas Jung wrote:
--On Freitag, 22. Oktober 2004 8:38 Uhr -0400 Tres Seaver
<[EMAIL PROTECTED]> wrote:
Andreas Jung wrote:
how severe is the problem that you have fixed? According to some
rumors the fix seems to break applications. The question for Zope
2.7.3 final is: is the problem
jected into the
'safe_builtins' mapping as '__import__'.
- It depends on assertions registered in the ModuleSecurityInfo
helper in $ZOPE_HOME/lib/python/AccessControl/SecurityInfo.py.
Tres.
--
===
Tres Seaver
.
- Phillip von Weitershausen is the author of a Zope3 book.
CC'ing them.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http
hrow
away your Data.fs" error scenarios. I am +0 on it if you can arrange
for the new behavior to happen only when Zope is running in debug mode.
+1 for the ConflictError exception.
Tres.
--
=======
Tres Seaver
n skel/bin like the other bin stuff?
No. 'skel' is the "skeleton instance" directory. 'test.py' is used for
testing Zope in the software home itself, in the absence of any
instance; it can't be pushed down into 'skel'.
Tres.
--
===
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
___
Zope-Dev maillist - [EMAIL PROTECTED]
http:
collector issue has patches for the three
issues, and a bunch of recent traffic:
http://zope.org/Collectors/Zope/1219
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers"
to improving relative imports will bite us again, here.
I expect "docutils" use is quite local.
Outside the package itself, only zREST depends on it, I think.
Tres.
--
=======
Tres Seaver[EMAIL P
for landing Mark's patch as a prerequisite to fixing *any*
Windows-service related bug in the future.
Tres.
--
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corpora
nonical" version of docutils
- doesn't impose unneeded restrictions on how people configure the
Python with which they run Zope.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation
Andreas Jung wrote:
--On Freitag, 17. Dezember 2004 11:34 Uhr -0500 Tres Seaver
<[EMAIL PROTECTED]> wrote:
Andreas Jung wrote:
I don't get this. Why couldn't we just delete the *entire* stripped-down
'docutils' package and replace it with the *whole* package *in
thread) or else register a new kind of server, which could be configured
(like the WebDAV source server) to listen on its own port.
For an example of such a Product, see "ZServerSSL",
http://sandbox.rulemaker.net/ngps/zope/zssl/
Tres.
--
====
core? Is it implemented correctly?" After that discussion, then
yes, the collector is the right place to post the (possibly amended) patch.
Tres.
--
===
Tres Seaver[EMAIL PROTECTED]
Zope C
er somewhat more cleanly.
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comm
eir users.
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - h
ion python' >> zope.conf
~ $ bin/zopectl restart
This patch makes the CMF 1.4 tests pass for me.
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zo
l port the change to C by Monday noon
(GMT-5).
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2
ecking it
in to your branch shortly, including modifying cAccessControl. Please
test further.
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://ww
command prompt or not.
It does affect what logging output goes to the console, however. If you
don't switch it on, and start Zope in the foreground, you wont see much
happen, at least until Zope hits a breakpoint.
Tres.
- --
===
.
This test is isomorphic to the fixed one in OFS.tests.testCopySupport.
I will repair it.
Tres.
- --
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.co
#x27;aq_acquire' to do the validation, precisely becuase *it* knows what the
real container is (from guarded_getattr, you have to guess). Please
verify that the head of the 2.7 branch resolves the issues you found.
Thanks very much for your work on this issue. I'm sorry
vinced him -- but
|> apparently, he did not change the code accordingly :-(
|>
|> Maybe, a bug report to the collector will help?
|>
|><http://www.zope.org/Collectors/Zope>
|>
|
| Best to include a patch as well :-)
And a new test which fails under the current
me' may lead to unexpected results
(it tries to guess, but may not be clever enough, especially if there is
any weird wrapping / unwrapping in play). This was essentially the
issue which led to the "spurious Unauthorized error" problem in Zope
2.7.3 (this point is germane or issue #153
t" emulation would probably be to call the user object's
'authorize' method, passing the proper values for accessed, container,
name, value, and roles. Figuring out the proper values is left as an
exercise for the reader ;).
Oracular'ly,
Tres.
- --
=
something from Andy / Alan / Sidnei soon.
I'd really like to see our "win32all" story cleaned up, per Mark
Hammond's issues, too.
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Co
there is no need to hurry with a release just
> for the sake of making a release. Means: if you need more time you
> weill get the time of course.
Tres.
- --
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope D
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tim Peters wrote:
> [Tres Seaver]
> ...
>
>>Most of that work has been done on the trunk. The 'five-integration'
>>branch changes consist largely of:
>>
>>- Setting up an 'svn:external' link to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wolfgang Langner wrote:
> Hello,
>
> Tres Seaver wrote:
>
>
>>When you use 'svn:externals', the referenced package itself is *not*
>>part of the containing checkout; it is managed separately by the svn
>>
zope
>> I can spend time trying to shut up Zope X3 I guess, if that
>> is the only option...
Adding the required methods to the zope.app.mail.delivery thingy should
take less than an hour, I think.
Tres.
- --
===
Tres Se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martijn Faassen wrote:
> Tres Seaver wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Jim Fulton wrote:
>>
>>> Martijn Faassen wrote:
>
> [snip]
>
>>>> Right, lib/p
e.org/Zope/?rev=29712&sortby=date&view=rev
I will resolve the issue.
Tres
- --
===
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
-BEGIN PGP SIGNATURE-
Versio
601 - 700 of 1808 matches
Mail list logo