Hi folks,

I have documented some of the darker corners of Zope's internals. I
put it in the Plone developer documentation for lack of a better
place, but it's not Plone-specific:


Topics covered include startup, publication, traversal and security.

One reason to do this, apart from morbid fascination, is to provide a
baseline against which we can consider simplifying some of this stuff.

For example, I'd like to consider an (opt-in) simplification of the
publisher and traversal, probably based on a stripped-down and
modernised repoze.zope2, which does away with some hooks and edge
cases, but is much simpler and easier to understand. Some things we
could consider chopping are:

 - Attribute traversal to anything other than methods at the end of
the traversal chain (i.e. use __getitem__ traversal only)
 - Traversal to anything without explicit security declarations
 - The docstring security check
 - Maybe __bobo_traverse__ (i.e. just implement __getitem__) and
__before_publishing_traverse__ (use a BeforeTraverseEvent instead, and
notify this for all traversals, not just over local component sites)
 - All differences between publication and path traversal

This is still somewhat half-baked and obviously would break things and
require at least a new major version of Zope, but I think it's worth
exploring at least.

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists -
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to