Re: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-16 Thread Jean-Paul Smets 

Stefane Fermigier (www.nuxeo.com) sent this answer this morning.



--  Message transmis  --

Subject: [[EMAIL PROTECTED]: Apache Week issue 287]
Date: Sat, 16 Mar 2002 08:12:53 +0100
From: Stefane Fermigier [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

- Forwarded message from Apache Week [EMAIL PROTECTED] -

 Proxy users thinking of upgrading to Apache 1.3.23 should be aware
 that there is a bug ([5]PR#9655) in the handling of responses which
 set more than one cookie, and may wish to wait for the 1.3.24
 release before upgrading.


- End forwarded message -

--
Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile).
http://nuxeo.com/  http://portalux.com/  http://aful.org/
Amazon: we patent the dot in .com

---

-- 
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4  EEF9 539A 79CC CB8E 5F01 

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-10 Thread Jean-Paul Smets 

Le Samedi 9 Mars 2002 23:04, Dieter Maurer a écrit :
 Jean-Paul Smets writes:
   ... TCPWatch dumps demonstrating cookie problem for __ac cookie ...

 When I read the dumps correct then *ALL* Apache + __ac dumps
 lack the __ac cookie whether or nor VHM is used.
 Thus, I would say, VHM is out of suspicion.


I agree.

 Now, Apache + Zope via mod_proxy is Zope via Medusa.
 I do not expect Zope to behave differently when Apache is there.
 As Zope (+ medusa) alone has the __ac cookie, this may indicate
 an Apache problem.
 You can verify that by using TCPWatch between Apache und Zope
 (rather than between your browser and Apache).


OK. I'll test this.




 Dieter

 ___
 Zope-Dev maillist  -  [EMAIL PROTECTED]
 http://lists.zope.org/mailman/listinfo/zope-dev
 **  No cross posts or HTML encoding!  **
 (Related lists -
  http://lists.zope.org/mailman/listinfo/zope-announce
  http://lists.zope.org/mailman/listinfo/zope )

-- 
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4  EEF9 539A 79CC CB8E 5F01 

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-09 Thread Jean-Paul Smets 

Le Mercredi 6 Mars 2002 22:35, Dieter Maurer a écrit :
 Jean-Paul Smets writes:
   I could find out that certain cookie names work, some others do not
  
   Works
   
   Really strange.

 Could you use tcpwatch (or another TCP logger) to see whether
 the Zope response contains the cookie header. If not, this would
 be a Zope problem we could debug. If so, we have to look elsewhere.

Here is the information. 5 cases are shown
- Use of Apache + RewriteRule + VHM (CMF auth. cookie is __ac_erp5)
- Use of Apache + RewriteRule + VHM (CMF auth. cookie is __ac)
- Use of Medusa (CMF auth. cookie is __ac)
- Use of Apache + RewriteRule w/o VHM (CMF auth. cookie is __ac_erp5)
- Use of Apache + RewriteRule w/o VHM (CMF auth. cookie is __ac)

The scenario is
- go to http://www.erp5.org/login_form
- look at what happens with tcpdump after filing the form and posting it

In all  cases, this leads to a login success. However, if the auth. cookie 
is not set (which happens in cases where Apache is used and aut. cookie is 
__ac), then we are in trouble...

You will see that the Set-Cookie is different in the 5 cases

My conclusion for now is that something could be wrong with the Apache 
rewriting process.

Regards,

JPS.


Apache VHM Config

VirtualHost erp5.org
DocumentRoot /home/jp/public_html/erp5/
ServerName erp5.org
ServerAlias www.erp5.org
RewriteEngine On
RewriteRule ^/(.*) 
http://localhost:9673/VirtualHostBase/http/www.erp5.org:80/erp5/VirtualHostRoot/$1 
[L,P]
#RewriteRule ^/(.*) http://localhost:9673/erp5/$1 [L,P]
/VirtualHost


__ac_erp5 + Apache + VHM

0x   4500 05dc 03cb 4000 3306 bbb5 d42b ed44E.@.3+.D
0x0010   c0a8 0083 0050 9843 a89d dbe3 a856 a8fb.P.C.V..
0x0020   8010 1b00 1eda  0101 080a 0212 d894
0x0030   01f9 4691 4854 5450 2f31 2e31 2032 3030..F.HTTP/1.1.200
0x0040   204f 4b0d 0a44 6174 653a 2053 6174 2c20.OK..Date:.Sat,.
0x0050   3039 204d 6172 2032 3030 3220 3133 3a3309.Mar.2002.13:3
0x0060   353a 3533 2047 4d54 0d0a 5365 7276 65725:53.GMT..Server
0x0070   3a20 4170 6163 6865 2f31 2e33 2e32 3320:.Apache/1.3.23.
0x0080   2855 6e69 7829 2044 6562 6961 6e20 474e(Unix).Debian.GN
0x0090   552f 4c69 6e75 780d 0a43 6f6e 7465 6e74U/Linux..Content
0x00a0   2d4c 656e 6774 683a 2035 3734 340d 0a43-Length:.5744..C
0x00b0   6f6e 7465 6e74 2d54 7970 653a 2074 6578ontent-Type:.tex
0x00c0   742f 6874 6d6c 0d0a 4574 6167 3a20 0d0at/html..Etag:...
0x00d0   5365 742d 436f 6f6b 6965 3a20 5f5f 6163Set-Cookie:.__ac
0x00e0   5f65 7270 353d 2261 6e41 3659 5852 6862_erp5=anA6YXRhb
0x00f0   4746 7525 3041 223b 2050 6174 683d 2f0dGFu%0A;.Path=/.
0x0100   0a58 2d43 6163 6865 3a20 4d49 5353 2066.X-Cache:.MISS.f
0x0110   726f 6d20 6572 7035 2e6f 7267 0d0a 4b65rom.erp5.org..Ke
0x0120   6570 2d41 6c69 7665 3a20 7469 6d65 6f75ep-Alive:.timeou
0x0130   743d 3135 2c20 6d61 783d 3130 300d 0a43t=15,.max=100..C
0x0140   6f6e 6e65 6374 696f 6e3a 204b 6565 702donnection:.Keep-
0x0150   416c 6976 650d 0a0d 0a20 0a0a 3c68 746dAlive...htm
0x0160   6c3e 0a20 3c68 6561 643e 2020 0a20 203cl..head.
0x0170   7469 746c 653e 4552 5035 2043 6f6d 6d75titleERP5.Commu
0x0180   6e69 7479 3a20 4552 5035 2043 6f6d 6d75nity:.ERP5.Commu
0x0190   6e69 7479 3c2f 7469 746c 653e 0a20 203cnity/title...

__ac + Apache + VHM

0x   4500 05dc 4d68 4000 3306 7218 d42b ed44E...Mh@.3.r..+.D
0x0010   c0a8 0083 0050 9845 b6c0 6432 b5b6 2c45.P.E..d2..,E
0x0020   8010 1b00 53bb  0101 080a 0213 29c6S.).
0x0030   01f9 97c1 4854 5450 2f31 2e31 2032 3030HTTP/1.1.200
0x0040   204f 4b0d 0a44 6174 653a 2053 6174 2c20.OK..Date:.Sat,.
0x0050   3039 204d 6172 2032 3030 3220 3133 3a3309.Mar.2002.13:3
0x0060   393a 3231 2047 4d54 0d0a 5365 7276 65729:21.GMT..Server
0x0070   3a20 4170 6163 6865 2f31 2e33 2e32 3320:.Apache/1.3.23.
0x0080   2855 6e69 7829 2044 6562 6961 6e20 474e(Unix).Debian.GN
0x0090   552f 4c69 6e75 780d 0a43 6f6e 7465 6e74U/Linux..Content
0x00a0   2d4c 656e 6774 683a 2035 3734 340d 0a43-Length:.5744..C
0x00b0   6f6e 7465 6e74 2d54 7970 653a 2074 6578ontent-Type:.tex
0x00c0   742f 6874 6d6c 0d0a 4574 6167 3a20 0d0at/html..Etag:...
0x00d0   5365 742d 436f 6f6b 6965 3a20 5f5f 6163Set-Cookie:.__ac
0x00e0   5f6e 616d 653d 226a 7022 3b20 4578 7069_name=jp;.Expi
0x00f0   7265 733d 5375 6e2c 2030 3920 4d61 7220res=Sun,.09.Mar.
0x0100   3230 3033 2031 333a 3339 3a32 3220 474d2003.13:39:22.GM
0x0110   543b 2050 6174 683d 2f0d 0a58 2d43 6163T;.Path=/..X-Cac
0x0120   6865 3a20 4d49 5353 2066 726f 6d20 6572he:.MISS.from.er
0x0130   7035 2e6f 7267 0d0a 4b65 6570 2d41 6c69

Re: SV: [Zope-dev] Small Alert - Probably Apache / mod-rewrite

2002-03-09 Thread Jean-Paul Smets 

Hi,

I did a few more tests. Apparently, this cookie issue
- happens in proxy mode 
- does not happen in CGI mode

Of course, it is required to delete all cookies stored in the browser once 
the __ac cookie has been successfully set in CGI mode

I have enclose an excerpt of my Apache config which shows various tests.

JPS.

VirtualHost erp5.org
DocumentRoot /home/jp/public_html/erp5/
ServerName erp5.org
ServerAlias www.erp5.org
#ProxyPass / 
http://localhost:9673/VirtualHostBase/http/www.erp5.org:80/erp5/VirtualHostRoot/
RewriteEngine on
RewriteCond %{HTTP:Authorization}  ^(.*)
#RewriteRule ^/(.*) 
http://localhost:9673/VirtualHostBase/http/www.erp5.org:80/erp5/VirtualHostRoot/$1 
[L,P]
#RewriteRule ^/(.*) http://localhost:9673/erp5/$1 [L,P]
#RewriteRule ^/(.*) 
http://localhost:9673/VirtualHostBase/http/www.erp5.org:80/erp5/VirtualHostRoot/$1 
[L,P]
RewriteRule ^/(.*) 
/usr/lib/cgi-bin/Zope/VirtualHostBase/http/www.erp5.org:80/erp5/VirtualHostRoot/$1 
 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]

/VirtualHost



-- 
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4  EEF9 539A 79CC CB8E 5F01 


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

SV: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-09 Thread Magnus Heino 


 
 You will see that the Set-Cookie is different in the 5 cases
 
 My conclusion for now is that something could be wrong with the Apache 
 rewriting process.

Nope, cause I'm running Roxen.. and have the same behaviour.

/Magnus

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-09 Thread Dieter Maurer 

Jean-Paul Smets writes:
  ... TCPWatch dumps demonstrating cookie problem for __ac cookie ...
When I read the dumps correct then *ALL* Apache + __ac dumps
lack the __ac cookie whether or nor VHM is used.
Thus, I would say, VHM is out of suspicion.

Now, Apache + Zope via mod_proxy is Zope via Medusa.
I do not expect Zope to behave differently when Apache is there.
As Zope (+ medusa) alone has the __ac cookie, this may indicate
an Apache problem.
You can verify that by using TCPWatch between Apache und Zope
(rather than between your browser and Apache).



Dieter

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-07 Thread Shane Hathaway 

On Thu, 7 Mar 2002, Magnus Heino wrote:

  What browser are you using?  Strange things like this happen for me
  occasionally after a Mozilla upgrade, but I just delete the cookies for
  the site and everything goes back to normal.  I figure someone at
  Netscape is just fiddling with the cookie code. :-)

 I'm using IE6.

 It isn't just this one. http://collector.zope.org/Zope/251 and
 http://collector.zope.org/Zope/260 also does different things when using
 VHM.

It would be helpful if you would run tcpwatch and figure out exactly what
interaction is happening between Zope and the browser.  Just use tcpwatch
-p 3128 and set localhost:3128 as your proxy server.

http://hathaway.freezope.org/Software/TCPWatch

Then delete all the stored cookies for your site and see if the problem
disappears.

Shane



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-06 Thread Shane Hathaway 

Jean-Paul Smets wrote:
 I could find out that certain cookie names work, some others do not
 
 Works
 
 __ac_
 __ac_ra
 __ac_rak1
 __ac_nex1
 __ac_erp5
 
 Does not work
 
 __ac
 __ac_rack1
 __ac_rack12
 
 Really strange.

What browser are you using?  Strange things like this happen for me 
occasionally after a Mozilla upgrade, but I just delete the cookies for 
the site and everything goes back to normal.  I figure someone at 
Netscape is just fiddling with the cookie code. :-)

OTOH, the only way a loop on the login page can happen is if you're not 
allowed to access the login page, or perhaps one of its images.  Maybe 
something is caching authentication in a non-thread-safe way.  In fact, 
the last hotfix addressed something like this, didn't it?

Shane


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-06 Thread Dieter Maurer 

Jean-Paul Smets writes:
  I could find out that certain cookie names work, some others do not
  
  Works
  
  Really strange.
Could you use tcpwatch (or another TCP logger) to see whether
the Zope response contains the cookie header. If not, this would
be a Zope problem we could debug. If so, we have to look elsewhere.


Dieter

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

SV: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-06 Thread Magnus Heino 


 Jean-Paul Smets wrote:
  I could find out that certain cookie names work, some others do not
 
  Works
 
  __ac_
  __ac_ra
  __ac_rak1
  __ac_nex1
  __ac_erp5
 
  Does not work
 
  __ac
  __ac_rack1
  __ac_rack12
 
  Really strange.

 What browser are you using?  Strange things like this happen for me
 occasionally after a Mozilla upgrade, but I just delete the cookies for
 the site and everything goes back to normal.  I figure someone at
 Netscape is just fiddling with the cookie code. :-)

I'm using IE6.

It isn't just this one. http://collector.zope.org/Zope/251 and
http://collector.zope.org/Zope/260 also does different things when using
VHM.

/Magnus


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Small Alert

2002-03-05 Thread Jean-Paul Smets 

Hi,

I just upgraded this morning a Debian Woody server with Zope 2.5. The 
upgrade has resulted in all my CMF (which use SiteRoot or 
VirtualHostMonster) to refuse any authentication.

Without SiteRoot or VirtualHostMonster, everything is fine.

I am searching the reason.

JPS.

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

SV: [Zope-dev] Small Alert

2002-03-05 Thread Magnus Heino 


 I just upgraded this morning a Debian Woody server with Zope 2.5. The
 upgrade has resulted in all my CMF (which use SiteRoot or
 VirtualHostMonster) to refuse any authentication.

 Without SiteRoot or VirtualHostMonster, everything is fine.

I have had this problem (and a few others, some fixed in CVS) with VHM for
some time now. Everything is fine on 8080, but fails using VHM.

Since noone else experienced it, I thougt that it was something local
here...

/Magnus


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert

2002-03-05 Thread Jean-Paul Smets 

Le Mardi 5 Mars 2002 15:15, vous avez écrit :
  I just upgraded this morning a Debian Woody server with Zope 2.5. The
  upgrade has resulted in all my CMF (which use SiteRoot or
  VirtualHostMonster) to refuse any authentication.
 
  Without SiteRoot or VirtualHostMonster, everything is fine.

 I have had this problem (and a few others, some fixed in CVS) with VHM
 for some time now. Everything is fine on 8080, but fails using VHM.

 Since noone else experienced it, I thougt that it was something local
 here...

 /Magnus

I moved everything from SiteRoot to VHM. It does not change anything.

Standard sites are OK in terms of authentication. CMF sites fail.

I have the impression something wrong happens in the portal_membership tool.

JPS.

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert

2002-03-05 Thread Jean-Paul Smets 

Here are the news
- whener the CMF is access through a VHM, only one cookie is set 
(__ac_name) and we get a loop on the login page

- whenever the CMF is accessed directly (in my case through an ssh tunnel 
pointing to the root of the zope) two cookies are set (__ac=anA6YXRhbGFu%0A 
and __ac_name)

More to follow.

JPS.

(sorry for being so slow, I am sick and had to go to the doctor).

-- 
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4  EEF9 539A 79CC CB8E 5F01 

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert - Temp Solution

2002-03-05 Thread Jean-Paul Smets 

I started debugging Zope. I found that the various methods in 
CookieCrumbler are called and should normally set a cookie for auth_cookie.

However, under VHM operation, this does not happen when auth_cookie == 
'__ac'

I changed the name of the authentication cookie to __ac_erp5 in the CMF 
(www.erp5.org is the site I am working on).  

Everything works fine now.

I have absolutely no idea what it can mean.

As a reminder, I had no problems for 6 months and suddenly, after a small 
upgrade, all this strange behaviour started.

JPS.

-- 
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4  EEF9 539A 79CC CB8E 5F01 

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: SV: [Zope-dev] Small Alert - Temp Solution - more...

2002-03-05 Thread Jean-Paul Smets 

I could find out that certain cookie names work, some others do not

Works

__ac_
__ac_ra
__ac_rak1
__ac_nex1
__ac_erp5

Does not work

__ac
__ac_rack1
__ac_rack12

Really strange.

JPS.

-- 
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4  EEF9 539A 79CC CB8E 5F01 

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

SV: SV: [Zope-dev] Small Alert - Temp Solution

2002-03-05 Thread Magnus Heino 


I can verify this. Same thing happens here too.

I had to redirect login_form to :8080 before, since I could not login to CMF
otherwise, using VHM.

I changed auth_cookie from __ac to __ac_, and now I can login through VHM...

Bug... I'll put it in the Collector.

(I'm using a week old cvs snapshot of Zope-2_5-branch and CMF1.2)

/Magnus

 I started debugging Zope. I found that the various methods in
 CookieCrumbler are called and should normally set a cookie for
 auth_cookie.

 However, under VHM operation, this does not happen when auth_cookie ==
 '__ac'

 I changed the name of the authentication cookie to __ac_erp5 in the CMF
 (www.erp5.org is the site I am working on).

 Everything works fine now.

 I have absolutely no idea what it can mean.

 As a reminder, I had no problems for 6 months and suddenly, after a small
 upgrade, all this strange behaviour started.


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )