Diez said:
> You are exactly right Gustavo - the arrogant and attitude is exactly the
> problem here.
>
> But obviously I see it the other way round. If I read something like this
> from you
>
> """
> The point I'm trying to make is that this kind of things can perfectly be
> done with repoze.who, without bringing any hack to the authorization
> controls like that @xrequire decorator or the other things you suggested.
> """
>
> when clearly you
>
> - don't understand the problem
> - disqualify proposed solutions as "hack"
> - ignorantly insist that things are "that simple", when obviously they
> aren't, and this repeatedly so (I lined out the problem with the
> subsequent calls not being authenticated several times..)
>
> then that's an arrogant & ignorant attitude in my book. Which was the
> reason why I changed my tone.
Don't you realize that you're actually describing yourself?
- You didn't understand the problem, based on the incorrect statements you
made about repoze.who which I pointed out in other emails, and the same for
XML-RPC, when you said that the credentials must be in the body because
"XMLRPC works over HTTP, but it does NOT work with the whole browser-semantics
of cookies and headers"... While it can perfectly use HTTP authentication.
- You disqualified my suggestion as something that wouldn't even work, while
at least I acknowledged that your solutions would work ("His suggestions don't
solve anything so far").
- You ignorantly said that there are three solutions and none of them was
good ("So there are basically three ways of doing this, each of them means
you got to die one particular death").
> And what the heck are you talking about "arrogant attitude since the very
> first response"? How can you read this into that post totally escapes me.
> I laid out he various options, including ways how to actually use
> repoze.who.
"I'm sorry, but this won't work. The fault here is certainly not on
repoze.wh* side, but what you presented so far is just working to
authenticate the login call itself. But obviously the OP wants a bunch
of authenticated (and possibly authorized) API-calls, not just one."
> Which IMHO is more complicated (and impacted by performance issues) than
> it's worth it, but I clearly stated that as an opinion, not as advice to
> fore go repoze.wh*. Which by now, I'm obviously willing to do.
That option is more complicated because you wanted it to be more complicated.
The credentials don't necessarily have to go in the XML-based body.
> Which in turn I think is the real problem here: whenever one merely
> suggests that repoze.wh* is anything since the greatest thing since
> sliced bread, you get defensive. Instead of trying to see criticism as
> means to enhance it.
I love criticism, but in this case I think you failed to present a valid
issue. There's no reason why repoze.who wouldn't be able to deal with this.
I'm personally not 100% satisfied with repoze.what 1. I am aware of
limitations in these packages, and so are the other people involved. That's
why repoze.who 2 and repoze.what 2 are being developed actively at present.
If there's something that you don't like, now is a perfect time to let us know
and possibly join us. Who knows, maybe the goals you have for that auth
library you're working on are compatible with our goals for these new
packages.
--
Gustavo Narea <xri://=Gustavo>.
| Tech blog: =Gustavo/(+blog)/tech ~ About me: =Gustavo/about |
--
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en.
