Re: [Zope] Zope 2.8.x and python security audit

2006-01-27 Thread Sven Deichmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oh well... no news is not always good news. I could also mean that PHP is much more popular and under more surveillance while python is only good known to professional crackers... The problem is, that in this usecase we won't be able to use Zope if

Re: [Zope] Zope 2.8.x and python security audit

2006-01-27 Thread Andreas Jung
--On 27. Januar 2006 09:38:12 +0100 Sven Deichmann [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oh well... no news is not always good news. I could also mean that PHP is much more popular and under more surveillance while python is only good known to professional

Re: [Zope] Zope 2.8.x and python security audit

2006-01-27 Thread Tino Wildenhain
Sven Deichmann schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oh well... no news is not always good news. I could also mean that PHP is much more popular and under more surveillance while python is only good known to professional crackers... The problem is, that in this usecase we

Re: [Zope] Zope 2.8.x and python security audit

2006-01-27 Thread Sven Deichmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, acutally secureness in this case has not really something to do with protection against attackers. It's more secureness in the sense of consistency and data security. The system has to be determined in every way and every step must be reversible

Re: [Zope] Zope 2.8.x and python security audit

2006-01-27 Thread Sven Deichmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well. But when will that be? And when will Plone be ported to Z3? And when will Plone be certified? ;) And after all: Is Z3 ready to use? :D Sven Andreas Jung schrieb: --On 27. Januar 2006 09:38:12 +0100 Sven Deichmann [EMAIL PROTECTED]

[Zope] Zope and OAI-PMH

2006-01-27 Thread Luciano Ramalho
I've been assigned to integrate an existing academic portal in Plone with the OAI-PMH protocol as a data provider. Searching through this list I found the message below, but no response. On 2/4/05, Yuri [EMAIL PROTECTED] wrote: There are several (at least two...) products to manage OAI with

Re: [Zope] Squid ESI

2006-01-27 Thread Chris Withers
Alan Milligan wrote: We haven't had any problems in building Squid-3.x images ...with ESI enabled? I've also heard of at least one other abandoned Squid3 rollout, and it's quite possible that without Robert's participation, Squid3 isn't really production strength. Yup, that and Squid 3's

Re: [Zope] Re: Zope/Plone logon security strategy etc

2006-01-27 Thread Chris Withers
David wrote: I moved to Apache (for SSL) because its independent of Zope and it will give you SSL and the power of a world class server when you need it. ZopeSSL worked fine (when i last tried it, like zope 2.4x). For SSL and HTTP sanitisation, I wouldn't trust anything that doesn't get the

Re: [Zope] Zope - future planning

2006-01-27 Thread Jonathan
Thanks to everyone for their comments and suggestions! I have decided to upgrade our Zope 2.6 application (which consists of 276 scripts/methods/external methods, 5 zcatalogs and 5 sets of zclasses) to Zope 2.9 and Five - as this appears to be a somewhat less painful migration than making a

[Zope] Re: Security class attribute

2006-01-27 Thread Florent Guillaume
Peter Bengtsson wrote: On 1/26/06, Brian Lloyd [EMAIL PROTECTED] wrote: The ClassSecurityInfo is a convenience to provide a halfway-sane spelling for a lot of ugliness under the hood in setting up security. IntializeClass (among other things) tells the CSI to apply itself to the class to set

[Zope] Product refreshing in Zope 2.9

2006-01-27 Thread Peter Bengtsson
It appears that product refreshing is futile in Zope 2.9 which is according to zope.org the current stable version :( Think again. According to: http://comments.gmane.org/gmane.comp.web.zope.z3base.five/977 Philipp von Weitershausen informs us that if you have a product that uses Five in zope2

[Zope] Re: Security class attribute

2006-01-27 Thread Peter Bengtsson
On 1/27/06, Florent Guillaume [EMAIL PROTECTED] wrote: Peter Bengtsson wrote: On 1/26/06, Brian Lloyd [EMAIL PROTECTED] wrote: The ClassSecurityInfo is a convenience to provide a halfway-sane spelling for a lot of ugliness under the hood in setting up security. IntializeClass (among

[Zope] Where to begin (Performance on 2.9.0 vs. 2.8.4)

2006-01-27 Thread Dennis Allison
Migrating systems to 2.9.0, we have noticed sluggish behavior compared to 2.8.4. The 2.8.4 systems run on a dual processor AMD2600 32-bit processors. The 2.9.0 systems run on AMD dual opteron 240 processors. The dual opteron systems have much more memory, much faster memory, and faster

Re: [Zope] Product refreshing in Zope 2.9

2006-01-27 Thread Dieter Maurer
Peter Bengtsson wrote at 2006-1-27 16:42 +: ... But, in that example they are using Five and I'm not. I've just got a Zope 2.9 install and a python product that I started on before Five even existed. Does that give us any hope for non-Five python products? Anybody? I cannot believe that they

Re: [Zope] Error importing objects 2.8 2.7

2006-01-27 Thread Dieter Maurer
Andreas Jung wrote at 2006-1-27 07:04 +0100: ... Importing stuff from a new Zope version into an older Zope version was _never_ a supported feature. Only import between _identical_ versions. Anything else makes little sense and is unsupported. Of course, you might be happy when you can import

Re: [Zope] Where to begin (Performance on 2.9.0 vs. 2.8.4)

2006-01-27 Thread Andreas Jung
--On 27. Januar 2006 10:06:49 -0800 Dennis Allison [EMAIL PROTECTED] wrote: Is there some performance test I can use to characterize the Zope system itself so I can compare Zopes running on the two machines? just some ideas: - install Plone and run 'ab' against the front-page which will

Re: [Zope-dev] Zope definition on Wikipedia

2006-01-27 Thread Christian Theune
On Thu, 2006-01-26 at 14:53 +0100, Stefane Fermigier wrote: I have made a little update on the Zope article on Wikipedia: http://en.wikipedia.org/wiki/Zope Great! Here is the diff: http://en.wikipedia.org/w/index.php?title=Zopediff=36787848oldid=36094466 It would probably be very

[Zope-dev] Zope tests: 8 OK

2006-01-27 Thread Zope tests summarizer
Summary of messages to the zope-tests list. Period Thu Jan 26 12:01:01 2006 UTC to Fri Jan 27 12:01:01 2006 UTC. There were 8 messages: 8 from Zope Unit Tests. Tests passed OK --- Subject: OK : Zope-2_6-branch Python-2.1.3 : Linux From: Zope Unit Tests Date: Thu Jan 26 21:03:05 EST