On Sat, Dec 31, 2011 at 20:09, Martin Aspeli <optilude+li...@gmail.com> wrote: > Hi folks, > > I have documented some of the darker corners of Zope's internals. I > put it in the Plone developer documentation for lack of a better > place, but it's not Plone-specific: > > http://collective-docs.readthedocs.org/en/latest/zope_secrets/index.html > > Topics covered include startup, publication, traversal and security. > > One reason to do this, apart from morbid fascination, is to provide a > baseline against which we can consider simplifying some of this stuff. > > For example, I'd like to consider an (opt-in) simplification of the > publisher and traversal, probably based on a stripped-down and > modernised repoze.zope2, which does away with some hooks and edge > cases, but is much simpler and easier to understand. Some things we > could consider chopping are: > > - Attribute traversal to anything other than methods at the end of > the traversal chain (i.e. use __getitem__ traversal only) > - Traversal to anything without explicit security declarations > - The docstring security check > - Maybe __bobo_traverse__ (i.e. just implement __getitem__) and > __before_publishing_traverse__ (use a BeforeTraverseEvent instead, and > notify this for all traversals, not just over local component sites) > - All differences between publication and path traversal > > This is still somewhat half-baked and obviously would break things and > require at least a new major version of Zope, but I think it's worth > exploring at least.
+1 for all of those, as a part of the so called "Zope 4" path of developments. _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
