w.zope.com
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf
> Of Oliver Bleutgen
> Sent: Tuesday, June 10, 2003 7:35 AM
> To: [EMAIL PROTECTED]
> Subject: Re: small summary and big plea was:(Re: [Zope-dev] Versions:
> should they die?)
>
Toby Dickenson wrote:
> No criticism was implied public exploits are valuable part of
> the security process.
Its nice to hear not everyone in the industry has lost their mind.
/me glances at redmond
--
Jamie Heilman http://audible.transient.net/~jamie/
"We must be born wit
On Tuesday 10 June 2003 09:32, Jamie Heilman wrote:
> Toby Dickenson wrote:
> > ! # Disable nasty insecure version support. Thanks to
> > ! # Jamie Heilman and everyone one zope-dev
>
> Unless you're damning me with faint praise for posting an exploit,
> (which is fine)
No criticis
Toby Dickenson wrote:
> ! # Disable nasty insecure version support. Thanks to
> ! # Jamie Heilman and everyone one zope-dev
Unless you're damning me with faint praise for posting an exploit,
(which is fine) this issue was found by Oliver, not me.
--
Jamie Heilman
On Friday 06 June 2003 21:28, Jamie Heilman wrote:
> Quick way to add 100 zodb connections and ~90M to the memory footprint
> with relatively little clue of who is responsible assuming traditional
> logging; presumeably one would get much trickier if they really wanted
> to obfuscate the source of
Dieter Maurer wrote:
If we really think, they were evil (I do not), we should make
them a separate product which can be downloaded and installed
by people who want it (like I do).
That seems like a good idea :-)
Chris
___
Zope-Dev maillist - [EMAIL PR
Oliver Bleutgen wrote:
> 2. Zope doesn't care if a correspondending Version instance to the value
> of REQUEST['Zope-Version'] exists, more exactly, zope doesn't care for
> the value of that Zope-Version variable at all.
Hmm, it doesn't care, but it does store it in memory. Pardon my fugly
non-
[EMAIL PROTECTED] wrote at 2003-6-4 09:21 -0700:
> ...
> I think I agree with the feeling that versions should stay in ZODB, but be
> depreciated/marked as "official evil" in ZMI.
We should not have components in the core distribution which we
mark "official evil".
If we really think, they wer
Oliver Bleutgen wrote at 2003-6-4 18:24 +0200:
> ...
> As you and Guido are talking about the ZMI (which means, AFAIK, the
> managament interface), let me just say that as far as I understand it,
> deprecating/marking-as-evil and even removing OFSP/Version.py is not
> what I would like to s
On Friday 06 June 2003 15:04, Shane Hathaway wrote:
> I think 2.6 ought to fix this by disabling recognition of the
> Zope-Version cookie
Setting this individually for each http port would better support existing
happy users of this feature. (Im sure there must be some ;-)
Being able to set up
One man's opinion:
- Version support (at the application level) should be optional in 2.7. You
should be able to turn it off (maybe through ZConfig). The default should
probably be off, since I think more people avoid them than use them.
I would suggest these approaches:
1: File a bug in the c
Sorry if is OT.
I'd like ZODB and Zope to support Revisions. That is, historical copies
that do not get removed when ZODB is packed.
DirectoryStorage allows you to designate classes that should have all their
history kept indefinitely. That may not have the flexibility that you need...
Do
Andy McKay wrote:
Im not keeping up on zope-3 at the moment, whats the plan for versions
there? Just wondering if there is any great solution there that can be
backported.
I think the solution for Zope 3 is to move all versioning to the
application layer. We've been doing this with CMF (using
Zo
> I think that will only work if there's a Version with the specified name.
Nope. One of the joys of Versions is that there is almost zero error
checking - you can put content into a non-existant / deleted / moved
version. And then you can't get it out.
It really sucks when you are using more th
Im not keeping up on zope-3 at the moment, whats the plan for versions
there? Just wondering if there is any great solution there that can be
backported.
--
Andy McKay
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/
Brad Clements wrote:
Sorry if is OT.
I'd like ZODB and Zope to support Revisions. That is, historical copies that do not get
removed when ZODB is packed.
Does the Version mechanism contribute to this kind of functionality?
No, not really. Maybe it can be coached into doing it, but not without
m
Anthony Baxter wrote:
Oliver Bleutgen wrote
As you and Guido are talking about the ZMI (which means, AFAIK, the
managament interface), let me just say that as far as I understand it,
deprecating/marking-as-evil and even removing OFSP/Version.py is not
what I would like to see happen (not only).
On Wednesday 04 June 2003 17:40, Brad Clements wrote:
> Sorry if is OT.
>
> I'd like ZODB and Zope to support Revisions. That is, historical copies
> that do not get removed when ZODB is packed.
DirectoryStorage allows you to designate classes that should have all their
history kept indefinitely.
>>> Oliver Bleutgen wrote
> As you and Guido are talking about the ZMI (which means, AFAIK, the
> managament interface), let me just say that as far as I understand it,
> deprecating/marking-as-evil and even removing OFSP/Version.py is not
> what I would like to see happen (not only).
>
> The
Paul Winkler wrote at 2003-6-3 14:00 -0400:
> ...
> It's been proposed that Versions should be
> at least stamped in the ZMI with big warnings, or possibly disabled
> altogether.
> ...
> Comments?
-3
I like versions and use them from time to time to automically
install changes on life serve
Can I, a humble Zope product developer, please make
a plea that anything "marked as an 'official evil'" be made
as invisible as possible? (I.e. that you make it disappear
unless specifically configured as an option, as was
suggested up-thread).
Zope is already full of deprecated methods that mak
[EMAIL PROTECTED] wrote:
If I remember correctly, though, there was still a lot in question about
legitimate use cases. The web-services cluster-safety use-case I sketched
out here (http://mail.zope.org/pipermail/zope3-dev/2002-October/003112.html)
is still (perhaps) a valid case, but ONLY in a ve
Sorry if is OT.
I'd like ZODB and Zope to support Revisions. That is, historical copies that do not
get
removed when ZODB is packed.
Does the Version mechanism contribute to this kind of functionality? I'd like to be
able to "tag" revisions of wiki pages and other documents, and then be able t
ROTECTED]
> Sent: Tuesday, June 03, 2003 5:08 PM
> To: Paul Winkler
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Zope-dev] Versions: should they die?
>
>
> > To anyone not following the "Problem committing zope
> 'version' objects"
> > thread on
> Perhaps Jeremy could run through his reasons for wanting them to
> stay around again?
That's not necessary. They could stay in ZODB (certainly cutting them
out of ZODB3 now would be more work than leaving them in) but be
disabled in ZMI.
--Guido van Rossum (home page: http://www.python.org/~gu
Paul Winkler wrote:
To anyone not following the "Problem committing zope 'version' objects"
thread on [EMAIL PROTECTED]: It's been proposed that Versions should be
at least stamped in the ZMI with big warnings, or possibly disabled
altogether. Numerous users have been bit by the fact that versio
Paul Winkler wrote:
To anyone not following the "Problem committing zope 'version' objects"
thread on [EMAIL PROTECTED]: It's been proposed that Versions should be
at least stamped in the ZMI with big warnings, or possibly disabled
altogether. Numerous users have been bit by the fact that versio
Paul Winkler wrote:
Comments?
They really should die. They cause nothing but pain and suffering.
Could we get at least some warnings in the ZMI before
2.6.2 final?
I do hope so. I'd also like to see them becoming an explicit configuration
option in 2.7 and not appear in any UI's unless they hav
>>> Guido van Rossum wrote
> IMO versions do nothing except complexify the code. I believe it's an
> official Zope Corp position to discourage them for new projects. Yet
> Jeremy Hylton seems to think that they are somehow useful and has
> carefully preserved them in ZODB 4 (== Zope 3). If it w
> IMO versions do nothing except complexify the code. I believe it's an
> official Zope Corp position to discourage them for new projects. Yet
> Jeremy Hylton seems to think that they are somehow useful and has
> carefully preserved them in ZODB 4 (== Zope 3). If it were up to me,
> they would h
> To anyone not following the "Problem committing zope 'version' objects"
> thread on [EMAIL PROTECTED]: It's been proposed that Versions should be
> at least stamped in the ZMI with big warnings, or possibly disabled
> altogether. Numerous users have been bit by the fact that versions
> basical
31 matches
Mail list logo