Re: [Zope-dev] New test summarizer format

2011-04-04 Thread Jens Vagelpohl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4/3/11 12:41 , Jens Vagelpohl wrote: On 3/29/11 11:15 , Adam GROSZER wrote: But it seems like it's about bugging Stephan Holek to stop the current one and bugging Jens to start the new one, or? Unless the script is broken. Could you run that

[Zope-dev] Zope Tests: 171 OK, 13 Failed, 2 Unknown

2011-04-04 Thread Zope Tests Summarizer
Summary of messages to the zope-tests list. Period Sun Apr 3 11:00:00 2011 UTC to Mon Apr 4 11:00:00 2011 UTC. There were 186 messages: 8 from Zope Tests, 4 from buildbot at pov.lt, 23 from buildbot at winbot.zope.org, 8 from ccomb at free.fr, 143 from jdriessen at thehealthagency.com. Test

Re: [Zope-dev] Zope Tests: 171 OK, 13 Failed, 2 Unknown

2011-04-04 Thread Jan-Wijbrand Kolman
On 4/4/11 12:57 , Zope Tests Summarizer wrote: Summary of messages to the zope-tests list. Period Sun Apr 3 11:00:00 2011 UTC to Mon Apr 4 11:00:00 2011 UTC. There were 186 messages: 8 from Zope Tests, 4 from buildbot at pov.lt, 23 from buildbot at winbot.zope.org, 8 from ccomb at free.fr,

Re: [Zope-dev] New test summarizer format

2011-04-04 Thread Jens Vagelpohl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4/4/11 08:37 , Jens Vagelpohl wrote: On 4/3/11 12:41 , Jens Vagelpohl wrote: On 3/29/11 11:15 , Adam GROSZER wrote: But it seems like it's about bugging Stephan Holek to stop the current one and bugging Jens to start the new one, or? Unless

[Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Laurence Rowe
I've been looking into how we might add CSRF protection to z3c.form forms as we will be including z3c.form in Plone 4.1. Currently in Plone, we use plone.protect to add an authentication token to our forms and then check the token in the methods that get called. (plone.protect is BSD licensed, but

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Stephan Richter
On Monday, April 04, 2011, Laurence Rowe wrote: I'd be interested to know how other z3c.form users approach CSRF protection and what approach they would recommend. Hi Lawrence, I am okay with (1), but find (3) ore attractive. Since I am not familiar with the token solution to avoid CSRF

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Laurence Rowe
On 4 April 2011 14:57, Stephan Richter srich...@cosmos.phy.tufts.edu wrote: On Monday, April 04, 2011, Laurence Rowe wrote: I'd be interested to know how other z3c.form users approach CSRF protection and what approach they would recommend. Hi Lawrence, I am okay with (1), but find (3) ore

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Stephan Richter
On Monday, April 04, 2011, Laurence Rowe wrote: The authenticator is described on http://pypi.python.org/pypi/plone.protect, but basically it adds an HMAC-SHA signed token into the form submission. By validating this you know that the submission came from a form that your site rendered,

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Roger
Hi Laurence, Stephan Just because you can write login forms with z3c.form this package has nothing to do with authentication. That's just a form framework! Authentication is defently not a part of our z3c.form framework and should not become one. Why do you think authentication has something to

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Wichert Akkerman
On 2011-4-4 18:22, Roger wrote: Hi Laurence, Stephan Just because you can write login forms with z3c.form this package has nothing to do with authentication. That's just a form framework! Authentication is defently not a part of our z3c.form framework and should not become one. Why do

Re: [Zope-dev] zope.component test isolation

2011-04-04 Thread Wolfgang Schnerring
Hi, it seems to me this has stalled somewhat, so I wanted to ask what people's conclusions are. * Wolfgang Schnerring w...@gocept.com [2011-03-26 13:41]: * Martin Aspeli optilude+li...@gmail.com [2011-03-26 11:22]: On 26 March 2011 08:11, Wolfgang Schnerring w...@gocept.com wrote: I don't

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/04/2011 12:23 PM, Wichert Akkerman wrote: On 2011-4-4 18:22, Roger wrote: Hi Laurence, Stephan Just because you can write login forms with z3c.form this package has nothing to do with authentication. That's just a form framework!

Re: [Zope-dev] zope.component test isolation

2011-04-04 Thread Martin Aspeli
Hi, On 4 April 2011 17:30, Wolfgang Schnerring w...@gocept.com wrote: So, how can we proceed here? Should I (and Thomas) try to get a proof-of-concept implementation of this based on plone.testing? Or should we think about what it takes to merge most of plone.testing's ZCA support into

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Shane Hathaway
On 04/04/2011 10:22 AM, Roger wrote: Just because you can write login forms with z3c.form this package has nothing to do with authentication. That's just a form framework! Authentication is defently not a part of our z3c.form framework and should not become one. Why do you think

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Roger
Hi Shane -Urspr√ľngliche Nachricht- Von: Shane Hathaway [mailto:sh...@hathawaymix.org] Gesendet: Montag, 4. April 2011 19:54 An: d...@projekt01.ch Cc: 'Laurence Rowe'; 'zope-dev'; stephan.rich...@gmail.com Betreff: Re: [Zope-dev] CSRF protection for z3c.form On 04/04/2011 10:22

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Roger
Hi Stephan Betreff: Re: AW: [Zope-dev] CSRF protection for z3c.form On Monday, April 04, 2011, Roger wrote: Authentication is defently not a part of our z3c.form framework and should not become one. Why do you think authentication has something to do with the z3c.form library?

[Zope-dev] zope-tests - FAILED: 12, OK: 75, UNKNOWN: 2

2011-04-04 Thread Zope tests summarizer
This is the summary for test reports received on the zope-tests list between 2011-04-03 00:00:00 UTC and 2011-04-04 00:00:00 UTC: See the footnotes for test reports of unsuccessful builds. An up-to date view of the builders is also available in our buildbot documentation: