Re: [Zope-dev] KGS 3.4.1 versions
Hello Jonathan, done Monday, April 19, 2010, 6:56:34 PM, you wrote: JB> On Thu, Apr 15, 2010 at 12:29 PM, Adam GROSZER wrote: >> Hello, >> >> There is a sheet with versions for KGS 3.4.1 >> http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output=html >> >> Anyone for/against those versions? JB> Tres Seaver just released zope.securitypolicy 3.4.4 (3.4.3 was buggy). JB> There was a subtle bug, which was triggered if you used JB> zope.securitypolicy's security policy without having zope.dublincore JB> package already loaded. JB> See https://bugs.launchpad.net/bugs/564525 for more informations. JB> Could I suggest you to include this version (3.4.4) in Zope KGS 3.4.1 ? JB> Thanks, JB> Jonathan -- Best regards, Adam GROSZERmailto:agros...@gmail.com -- Quote of the day: 'Tis mad idolatry to make the service greater than the god. - William Shakespeare ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
On Thu, Apr 15, 2010 at 12:29 PM, Adam GROSZER wrote: > Hello, > > There is a sheet with versions for KGS 3.4.1 > http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output=html > > Anyone for/against those versions? Tres Seaver just released zope.securitypolicy 3.4.4 (3.4.3 was buggy). There was a subtle bug, which was triggered if you used zope.securitypolicy's security policy without having zope.dublincore package already loaded. See https://bugs.launchpad.net/bugs/564525 for more informations. Could I suggest you to include this version (3.4.4) in Zope KGS 3.4.1 ? Thanks, Jonathan ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
Hello Christophe, Sunday, April 18, 2010, 2:54:08 AM, you wrote: CC> Adam GROSZER a écrit : >> Hello, >> >> There is a sheet with versions for KGS 3.4.1 >> http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output=html >> >> Anyone for/against those versions? >> >> The open questions that remain: >> * What about pytz 2010g? >> * Which lxml version to take? 1.3.6? >> * What about zope.app.container 3.6.2? >> * Would be nice to have zope.testbrowser 3.5.1 >> >> Comments are welcome. >> CC> For the KGS 3.4.1, I think we should upgrade zc.buildout to at least 1.3.1. CC> while releasing z3c.layer, I've run into a bug of zc.buildout 1.1 that prevented CC> from adding "extras" dependencies for tests. Versions updated. -- Best regards, Adam GROSZERmailto:agros...@gmail.com -- Quote of the day: God hides things by putting them all around us. - Anonymous ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
Adam GROSZER a écrit : > Hello, > > There is a sheet with versions for KGS 3.4.1 > http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output=html > > Anyone for/against those versions? > > The open questions that remain: > * What about pytz 2010g? > * Which lxml version to take? 1.3.6? > * What about zope.app.container 3.6.2? > * Would be nice to have zope.testbrowser 3.5.1 > > Comments are welcome. > For the KGS 3.4.1, I think we should upgrade zc.buildout to at least 1.3.1. while releasing z3c.layer, I've run into a bug of zc.buildout 1.1 that prevented from adding "extras" dependencies for tests. Christophe ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
Christophe Combelles a écrit : > Roger a écrit : >> Hi >> >>> Betreff: Re: [Zope-dev] KGS 3.4.1 versions >>> >>> Adam GROSZER a écrit : >>>> Hello, >>>> >>>> There is a sheet with versions for KGS 3.4.1 >>>> >>> http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output= >>>> html >>>> >>>> Anyone for/against those versions? >>>> >>>> The open questions that remain: >>>> * What about pytz 2010g? >>>> * Which lxml version to take? 1.3.6? >>>> * What about zope.app.container 3.6.2? >>>> * Would be nice to have zope.testbrowser 3.5.1 >>>> >>>> Comments are welcome. >>>> >>> z3c.layer has a major security issue, because of trusted >>> traversing adapters that removes the security proxy >>> everywhere. >> yes and no, only miss use could end in security issues >> It's not really a security issue, it's the only concept which allows >> to use nested sites with more then one IAuthentication utility >> and allows to authenticate on objects behind the first site. >> >> But since this was such a rare use case, we decided to split >> the package in different packages which also supports a non >> trusted setup. This makes the packages more general usable >> without to run into security issues based on trusted >> confirgurations where non trusted is needed. >> >>> This package has been retired and splitted into >>> its 3 subpackages : >>> >>> z3c.layer.minimal >>> z3c.layer.pagelet >> Both package above should not use trusted traverser >> >>> z3c.layer.trusted >> This package should still use trusted traverser >> >>> There is no problem upgrading to branch 1.0 of these >>> packages, as they don't have any significant changes, >>> excepted the splitting. However: >>> >>> z3c.layer.pagelet should be in version 1.0.2. Nothing below. >>> z3c.layer.minimal has no corrected 1.0 branch. A new >>> maintenance release 1.0.2 of this package should be released. >>> z3c.layer.trusted is OK, since this is trusted in purpose. (I think) >> Yes > > > Ok thanks, I'll release z3c.layer.minimal during the WE. I've released z3c.layer.minimal 1.0.2 with the fix, and z3c.layer 0.2.4 with the same fix. For the KGS 3.4.1, we just have to upgrade z3c.layer to 0.2.4. No need to add z3c.layer.[pagelet|minimal|trusted] Christophe > > > >> Regards >> Roger Ineichen >> >>> Christophe >>> ___ >>> Zope-Dev maillist - Zope-Dev@zope.org >>> https://mail.zope.org/mailman/listinfo/zope-dev >>> ** No cross posts or HTML encoding! ** (Related lists - >>> https://mail.zope.org/mailman/listinfo/zope-announce >>> https://mail.zope.org/mailman/listinfo/zope ) >>> >> >> > > ___ > Zope-Dev maillist - Zope-Dev@zope.org > https://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > https://mail.zope.org/mailman/listinfo/zope-announce > https://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
Roger a écrit : > Hi > >> Betreff: Re: [Zope-dev] KGS 3.4.1 versions >> >> Adam GROSZER a écrit : >>> Hello, >>> >>> There is a sheet with versions for KGS 3.4.1 >>> >> http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output= >>> html >>> >>> Anyone for/against those versions? >>> >>> The open questions that remain: >>> * What about pytz 2010g? >>> * Which lxml version to take? 1.3.6? >>> * What about zope.app.container 3.6.2? >>> * Would be nice to have zope.testbrowser 3.5.1 >>> >>> Comments are welcome. >>> >> z3c.layer has a major security issue, because of trusted >> traversing adapters that removes the security proxy >> everywhere. > > yes and no, only miss use could end in security issues > It's not really a security issue, it's the only concept which allows > to use nested sites with more then one IAuthentication utility > and allows to authenticate on objects behind the first site. > > But since this was such a rare use case, we decided to split > the package in different packages which also supports a non > trusted setup. This makes the packages more general usable > without to run into security issues based on trusted > confirgurations where non trusted is needed. > >> This package has been retired and splitted into >> its 3 subpackages : >> >> z3c.layer.minimal >> z3c.layer.pagelet > > Both package above should not use trusted traverser > >> z3c.layer.trusted > > This package should still use trusted traverser > >> There is no problem upgrading to branch 1.0 of these >> packages, as they don't have any significant changes, >> excepted the splitting. However: >> >> z3c.layer.pagelet should be in version 1.0.2. Nothing below. >> z3c.layer.minimal has no corrected 1.0 branch. A new >> maintenance release 1.0.2 of this package should be released. >> z3c.layer.trusted is OK, since this is trusted in purpose. (I think) > > Yes Ok thanks, I'll release z3c.layer.minimal during the WE. > > Regards > Roger Ineichen > >> Christophe >> ___ >> Zope-Dev maillist - Zope-Dev@zope.org >> https://mail.zope.org/mailman/listinfo/zope-dev >> ** No cross posts or HTML encoding! ** (Related lists - >> https://mail.zope.org/mailman/listinfo/zope-announce >> https://mail.zope.org/mailman/listinfo/zope ) >> > > > ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
Hello, I think it's about having a known set of versions for the tests. Not that test run picks up some newer versions and the tests suddenly fail. On Fri, Apr 16, 2010 at 2:21 PM, Lennart Regebro wrote: > On Thu, Apr 15, 2010 at 12:29, Adam GROSZER wrote: >> The open questions that remain: >> * What about pytz 2010g? > > I'm not sure it makes sense fixing it to a particular version at all, > as you might want timezone updates separately. Just sayin'. :) > > -- > Lennart Regebro: Python, Zope, Plone, Grok > http://regebro.wordpress.com/ > +33 661 58 14 64 > -- Best regards, Adam ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
On Thu, Apr 15, 2010 at 12:29, Adam GROSZER wrote: > The open questions that remain: > * What about pytz 2010g? I'm not sure it makes sense fixing it to a particular version at all, as you might want timezone updates separately. Just sayin'. :) -- Lennart Regebro: Python, Zope, Plone, Grok http://regebro.wordpress.com/ +33 661 58 14 64 ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
Hi > Betreff: Re: [Zope-dev] KGS 3.4.1 versions > > Adam GROSZER a écrit : > > Hello, > > > > There is a sheet with versions for KGS 3.4.1 > > > http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output= > > html > > > > Anyone for/against those versions? > > > > The open questions that remain: > > * What about pytz 2010g? > > * Which lxml version to take? 1.3.6? > > * What about zope.app.container 3.6.2? > > * Would be nice to have zope.testbrowser 3.5.1 > > > > Comments are welcome. > > > > z3c.layer has a major security issue, because of trusted > traversing adapters that removes the security proxy > everywhere. yes and no, only miss use could end in security issues It's not really a security issue, it's the only concept which allows to use nested sites with more then one IAuthentication utility and allows to authenticate on objects behind the first site. But since this was such a rare use case, we decided to split the package in different packages which also supports a non trusted setup. This makes the packages more general usable without to run into security issues based on trusted confirgurations where non trusted is needed. > This package has been retired and splitted into > its 3 subpackages : > > z3c.layer.minimal > z3c.layer.pagelet Both package above should not use trusted traverser > z3c.layer.trusted This package should still use trusted traverser > > There is no problem upgrading to branch 1.0 of these > packages, as they don't have any significant changes, > excepted the splitting. However: > > z3c.layer.pagelet should be in version 1.0.2. Nothing below. > z3c.layer.minimal has no corrected 1.0 branch. A new > maintenance release 1.0.2 of this package should be released. > z3c.layer.trusted is OK, since this is trusted in purpose. (I think) Yes Regards Roger Ineichen > Christophe > ___ > Zope-Dev maillist - Zope-Dev@zope.org > https://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** (Related lists - > https://mail.zope.org/mailman/listinfo/zope-announce > https://mail.zope.org/mailman/listinfo/zope ) > ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] KGS 3.4.1 versions
Adam GROSZER a écrit : > Hello, > > There is a sheet with versions for KGS 3.4.1 > http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output=html > > Anyone for/against those versions? > > The open questions that remain: > * What about pytz 2010g? > * Which lxml version to take? 1.3.6? > * What about zope.app.container 3.6.2? > * Would be nice to have zope.testbrowser 3.5.1 > > Comments are welcome. > z3c.layer has a major security issue, because of trusted traversing adapters that removes the security proxy everywhere. This package has been retired and splitted into its 3 subpackages : z3c.layer.minimal z3c.layer.pagelet z3c.layer.trusted There is no problem upgrading to branch 1.0 of these packages, as they don't have any significant changes, excepted the splitting. However: z3c.layer.pagelet should be in version 1.0.2. Nothing below. z3c.layer.minimal has no corrected 1.0 branch. A new maintenance release 1.0.2 of this package should be released. z3c.layer.trusted is OK, since this is trusted in purpose. (I think) Christophe ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] KGS 3.4.1 versions
Hello, There is a sheet with versions for KGS 3.4.1 http://spreadsheets.google.com/pub?key=tUE5Q72d4Kg1FXaacCA3EKQ&output=html Anyone for/against those versions? The open questions that remain: * What about pytz 2010g? * Which lxml version to take? 1.3.6? * What about zope.app.container 3.6.2? * Would be nice to have zope.testbrowser 3.5.1 Comments are welcome. -- Best regards, Adam GROSZER mailto:agros...@gmail.com -- Quote of the day: The crash of the whole solar and stellar systems could only kill you once. - Thomas Carlyle ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )