-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hanno Schlichting wrote: > Hi. > > On Thu, Aug 12, 2010 at 7:36 AM, Tim Hoffman <[email protected]> wrote: >> I have been using zope.pagetemplate for quite some time within repoze.bfg >> projects and bobo (+zope.component) on google appengine >> (python 2.5.x). > > Is there a reason why you don't use Chameleon? Since version 1.1 it > should be fully compatible with GAE. > > It might be easier to switch to the new kid, instead of trying to make > the highly integrated zope.pagetemplate work for you. > >> So now for my modest proposal, do you think it would be feasible to move >> the restricted engine implementations out of zope.pagetemplate.engine and >> into some higher level package and provide a simple trusted engine that >> anyone can use (that supports metal as well) > > At least Zope2 depends on this engine, so moving the engine out into a > zope.app.* package is not an option, it would have to be some new > zope.* package. I'm not sure what and how BlueBream and Grok use this. > >> If people think this is a good idea, I am quite willing work on this (with >> guidance ;-), so thoughts, comments welcome. > > I'd like to hear the reasons for not using Chameleon. To me that looks > like the better forward path and avoid lots of adjustments and a > lengthy migration period for zope.pagetemplate users.
Making the zope.security dependency "soft" seems reasonable to me, especially given that Tim was able to use the package successfully without having it present. - - Make imports from zope.security conditional - - Only define the "untrusted" handlers (and their test) if the imports succeeded. - - Add an 'extra' in setup which makes the dependency explicit. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [email protected] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkxkHfsACgkQ+gerLs4ltQ4sBwCeNUqcYWEWOMQZ1CasnKTXKhcJ DIAAoIOZff7sxXiw1k79USXlmGc0hTld =N6EW -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - [email protected] https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
