-----BEGIN PGP SIGNED MESSAGE-----
Hanno Schlichting wrote:
> On Thu, Aug 12, 2010 at 7:36 AM, Tim Hoffman <zutes...@gmail.com> wrote:
>> I have been using zope.pagetemplate for quite some time within repoze.bfg
>> projects and bobo (+zope.component) on google appengine
>> (python 2.5.x).
> Is there a reason why you don't use Chameleon? Since version 1.1 it
> should be fully compatible with GAE.
> It might be easier to switch to the new kid, instead of trying to make
> the highly integrated zope.pagetemplate work for you.
>> So now for my modest proposal, do you think it would be feasible to move
>> the restricted engine implementations out of zope.pagetemplate.engine and
>> into some higher level package and provide a simple trusted engine that
>> anyone can use (that supports metal as well)
> At least Zope2 depends on this engine, so moving the engine out into a
> zope.app.* package is not an option, it would have to be some new
> zope.* package. I'm not sure what and how BlueBream and Grok use this.
>> If people think this is a good idea, I am quite willing work on this (with
>> guidance ;-), so thoughts, comments welcome.
> I'd like to hear the reasons for not using Chameleon. To me that looks
> like the better forward path and avoid lots of adjustments and a
> lengthy migration period for zope.pagetemplate users.
Making the zope.security dependency "soft" seems reasonable to me,
especially given that Tim was able to use the package successfully
without having it present.
- - Make imports from zope.security conditional
- - Only define the "untrusted" handlers (and their test) if the imports
- - Add an 'extra' in setup which makes the dependency explicit.
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -