Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way. -- Chris McDonough <chrism@zope.com> Zope Corporation
Weren't there some arguments that the security machinery must be checked against the changes in Python 2.3? Are we sure that 2.7 is as secure with 2.3 as with 2.2? In any case a bit +1 for going to 2.3.2. -aj --On Freitag, 3. Oktober 2003 10:21 Uhr -0400 Chris McDonough <chrism@zope.com> wrote:
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
-- Chris McDonough <chrism@zope.com> Zope Corporation
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Well, to be clear, there hasn't been any formal security audit of the combination of Python 2.2 with Zope 2.7. So we'd lose nothing by moving directly to 2.3. Jim is keen to get an audit going quickly before a 2.7 final release, and the audit would be performed against Python 2.3.2. On Fri, 2003-10-03 at 10:28, Andreas Jung wrote:
Weren't there some arguments that the security machinery must be checked against the changes in Python 2.3? Are we sure that 2.7 is as secure with 2.3 as with 2.2? In any case a bit +1 for going to 2.3.2.
-aj
--On Freitag, 3. Oktober 2003 10:21 Uhr -0400 Chris McDonough <chrism@zope.com> wrote:
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
-- Chris McDonough <chrism@zope.com> Zope Corporation
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
-- Chris McDonough <chrism@zope.com> Zope Corporation
On Friday 03 October 2003 15:33, Chris McDonough wrote:
Jim is keen to get an audit going quickly before a 2.7 final release, and the audit would be performed against Python 2.3.2.
Does anyone else have an interest in blessing Zope 2.6.x with Python 2.2/2.3 ? -- Toby Dickenson
I don't know about 'blessing', but I'm using it on a project currently (Python 2.3 and Zope 2.6.2) without glitches. Andrew Toby Dickenson wrote:
On Friday 03 October 2003 15:33, Chris McDonough wrote:
Jim is keen to get an audit going quickly before a 2.7 final release, and the audit would be performed against Python 2.3.2.
Does anyone else have an interest in blessing Zope 2.6.x with Python 2.2/2.3 ?
On Fri, 2003-10-03 at 10:58, Andrew Sawyers wrote:
I don't know about 'blessing', but I'm using it on a project currently (Python 2.3 and Zope 2.6.2) without glitches. Andrew
Toby Dickenson wrote:
Does anyone else have an interest in blessing Zope 2.6.x with Python 2.2/2.3 ?
We have deployed Zope 2.6.2 with Python 2.2.3 in production for clients already; the garbage collection improvements in Python 2.2.3 were so compelling that we couldn't reasonably roll them back to Python 2.1.3 after testing. Tres. -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com
Tres Seaver wrote:
On Fri, 2003-10-03 at 10:58, Andrew Sawyers wrote:
I don't know about 'blessing', but I'm using it on a project currently (Python 2.3 and Zope 2.6.2) without glitches. Andrew
Toby Dickenson wrote:
Does anyone else have an interest in blessing Zope 2.6.x with Python 2.2/2.3 ?
We have deployed Zope 2.6.2 with Python 2.2.3 in production for clients already; the garbage collection improvements in Python 2.2.3 were so compelling that we couldn't reasonably roll them back to Python 2.1.3 after testing.
I've several times met indirect evidences that migration of application between Python 2.1 -> Python 2.2 got strange pickle-related issues. Not sure if it was Python itself or some 3rd party product like TextIndexNG but the issues arised. However running something with Python 2.2 or 2.3 from scratch had shown no problems. Regards, m. -- Myroslav Opyr zope.net.ua <http://zope.net.ua/> ° Ukrainian Zope Hosting e-mail: myroslav@zope.net.ua <mailto:myroslav@zope.net.ua>
--On Samstag, 4. Oktober 2003 10:20 Uhr +0300 Myroslav Opyr <myroslav@zope.net.ua> wrote:
Not sure if it was Python itself or some 3rd party product like TextIndexNG but the issues arised.
There is no such problem with TextIndexNG. -aj
On Fri, Oct 03, 2003 at 03:48:06PM +0100, Toby Dickenson wrote:
On Friday 03 October 2003 15:33, Chris McDonough wrote:
Jim is keen to get an audit going quickly before a 2.7 final release, and the audit would be performed against Python 2.3.2.
Does anyone else have an interest in blessing Zope 2.6.x with Python 2.2/2.3 ?
yes, but not much time to help out :-( -- Paul Winkler http://www.slinkp.com Look! Up in the sky! It's BROMO-LOVESICK ! (random hero from isometric.spaceninja.com)
On Fri, Oct 03, 2003 at 10:33:01AM -0400, Chris McDonough wrote:
Well, to be clear, there hasn't been any formal security audit of the combination of Python 2.2 with Zope 2.7. So we'd lose nothing by moving directly to 2.3. Jim is keen to get an audit going quickly before a 2.7 final release, and the audit would be performed against Python 2.3.2.
then by all means, 2.3.2. These audits seem to be hard to get going on a regular basis (we've been on python 2.1.3 for how long now?) so I see no point in blessing a version of python that's already not latest-and-greatest. The only counterargument i can think of is that 2.3 may not be bundled with many linux distros yet. I've always compiled my own python for use with zope, so I don't know how big a deal that is. -- Paul Winkler http://www.slinkp.com Look! Up in the sky! It's THE BRIGHT ZACH! (random hero from isometric.spaceninja.com)
Am Fr, 2003-10-03 um 17.16 schrieb Paul Winkler:
The only counterargument i can think of is that 2.3 may not be bundled with many linux distros yet. I've always compiled my own python for use with zope, so I don't know how big a deal that is.
Debian stable requires it's own backports (self compiled, that is) for python 2.2 and 2.3 anyway, so for those running Debian/stable on their servers it won't be much of a difference. Cheers, Christian -- Christian Theune, gocept gmbh & co. kg http://www.gocept.com - ct@gocept.com fon: 03496 3099112 fax: 03496 3099118 mobile: 0179 7808366
Paul Winkler writes:
then by all means, 2.3.2. These audits seem to be hard to get going on a regular basis (we've been on python 2.1.3 for how long now?) so I see no point in blessing a version of python that's already not latest-and-greatest.
It's not just that Python 2.2.3 is no longer the latest and greatest, but that it's no longer on a maintenance track; that's what 2.3.x is.
The only counterargument i can think of is that 2.3 may not be bundled with many linux distros yet. I've always compiled my own python for use with zope, so I don't know how big a deal that is.
If someone can set up Zope, they can install Python in their sleep. I don't think this is an issue at all. -Fred -- Fred L. Drake, Jr. <fred at zope.com> PythonLabs at Zope Corporation
[Chris McDonough wrote (chrism@zope.com) on 10/3/03 9:21 AM]
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
yes please. :) python 2.3 seems a lot faster to me and even quite stable so far. or did you mean 2.2.3? fwiw, i built zope 2.7.0b2 with python2.3 on freebsd 5.0 a couple days ago without problem and its now serving several medium-traffic CMF sites stably and with very little if any mem leakage. <--> george donnelly ~ http://www.zettai.net/ ~ "Quality Zope Hosting" Shared and Dedicated Zope Hosting ~ Zope Servers ~ Zope Websites Yahoo, AIM: zettainet ~ ICQ: 51907738 ~ Sales (USA): 1-866-967-3669
[Chris McDonough]
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
[george donnelly]
yes please. :) python 2.3 seems a lot faster to me and even quite stable so far.
or did you mean 2.2.3?
Chris did mean 2.3.2, which is still unfamiliar to most because it was just released today: http://www.python.org/2.3.2/ This came very soon after the 2.3.1 release, and just fixes a few gross but obscure platform-specific packaging mistakes in 2.3.1. In reality and with benefit of hindsight, what was released as 2.3.1 "should have been" released as 2.3.1c1 (release candidate 1), and then 2.3.2 should have been released as 2.3.1 final. Regardless, 2.3.2 is the best Python in existence (by any criterion other than "identical to 1.5.2" <wink>).
OK, sounds like a slam dunk to me. I have changed the Zope 2.7 windows builder to use Python 2.3.2 and I have changed the source version configure script to look for 2.3.2 as it's "optimal" version. This all appears to work. Once an RPM is released for Python 2.3.2, I'll change the spec file for the Zope RPM release to depend on that instead of a 2.2.3 RPM. Currently, Zope still claims it works with 2.2.X (via the configure script's "acceptable versions" feature). Should we continue to make that claim true by not depending on any Python 2.3-specific features in the Zope core? I don't think there are a lot of super-compelling core and/or library differences between Pythons 2.3.2 and 2.2.3 that would make this a hardship on core Zope developers. - C On Fri, 2003-10-03 at 11:30, Tim Peters wrote:
[Chris McDonough]
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
[george donnelly]
yes please. :) python 2.3 seems a lot faster to me and even quite stable so far.
or did you mean 2.2.3?
Chris did mean 2.3.2, which is still unfamiliar to most because it was just released today:
This came very soon after the 2.3.1 release, and just fixes a few gross but obscure platform-specific packaging mistakes in 2.3.1. In reality and with benefit of hindsight, what was released as 2.3.1 "should have been" released as 2.3.1c1 (release candidate 1), and then 2.3.2 should have been released as 2.3.1 final.
Regardless, 2.3.2 is the best Python in existence (by any criterion other than "identical to 1.5.2" <wink>).
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- Chris McDonough <chrism@zope.com> Zope Corporation
Chris McDonough writes:
Currently, Zope still claims it works with 2.2.X (via the configure script's "acceptable versions" feature). Should we continue to make that claim true by not depending on any Python 2.3-specific features in the Zope core? I don't think there are a lot of super-compelling core and/or library differences between Pythons 2.3.2 and 2.2.3 that would make this a hardship on core Zope developers.
Requiring 2.3 (any flavor) would allow us to drop the copy of the logging package from Zope 2.7 and newer. There are greater benefits for Zope 3, where we have several modules and packages laying around that would no longer be needed (logging, csv, gettext). I also don't know that we should consider 2.3.1 "acceptable" for any version of Zope. -Fred -- Fred L. Drake, Jr. <fred at zope.com> PythonLabs at Zope Corporation
[Chris McDonough]
Currently, Zope still claims it works with 2.2.X (via the configure script's "acceptable versions" feature).
Actually, 2.2, 2.2.1, and 2.2.2 aren't acceptable for Zope even now, because of Zope-critical Python bugs first fixed in 2.2.3. There's no version of 2.2 with a fix for the rare RH9 Unicode-segfault bug Jeremy stumbled into a few weeks ago (while running Zope tests), and there may never be.
Should we continue to make that claim true by not depending on any Python 2.3-specific features in the Zope core? I don't think there are a lot of super-compelling core and/or library differences between Pythons 2.3.2 and 2.2.3 that would make this a hardship on core Zope developers.
I don't know whether it's a hardship for anyone to install 2.3.2 but not to install 2.2.3. Seems unlikely <wink>. In the spambayes project, we've found that people just can't stop themselves from using the new-in-2.3 enumerate() builtin, and the new-in-2.3 Sets module. They're generally useful. Since 2.2.3 is slower and buggier than 2.3.2, and may be the last of the 2.2 line, I'm not sure we'd be doing anyone a real favor by facilitating hanging on to 2.2.3. [Fred L. Drake, Jr.]
Requiring 2.3 (any flavor) would allow us to drop the copy of the logging package from Zope 2.7 and newer.
There are greater benefits for Zope 3, where we have several modules and packages laying around that would no longer be needed (logging, csv, gettext).
Plus I copy 2.3's strptime.py module into Zope3 now (and have to edit it each time I synch up to get rid of its enumerate() call), and Zope3 has a different all-Python implementation of the new-in-2.3 all-C datetime module. The C version of datetime is more desirable due to its comparative memory frugality. One more: We're trying to move toward replacing ExtensionClass with new-style classes. This is straightforward under 2.3, but there's still a relevant glitch in 2.2.3 that appears to make it much harder (that's why the code on zodb3-devel-branch works fine under 2.3 but segfaults left and right under 2.2.3; zodb3-devel-branch is quiet now, but will probably become important again).
I also don't know that we should consider 2.3.1 "acceptable" for any version of Zope.
2.3.1 is missing os.fsync() on POSIX systems (a gross mistake that snuck into 2.3.1), and MvL's arguments notwithstanding, ZODB wants to use os.fsync() on POSIX systems. 2.3.1 was a mistake, but a mistake that got fixed quickly.
"Fred L. Drake, Jr." wrote
Requiring 2.3 (any flavor) would allow us to drop the copy of the logging package from Zope 2.7 and newer.
There are greater benefits for Zope 3, where we have several modules and packages laying around that would no longer be needed (logging, csv, gettext).
Don't forget you also get the C version of datetime.
I also don't know that we should consider 2.3.1 "acceptable" for any version of Zope.
Meh. 2.3.1 gets a bad rap. Aside from the fsync problem, there's nothing fundamentally broken about it. Anthony -- Anthony Baxter <anthony@interlink.com.au> It's never too late to have a happy childhood.
Chris McDonough wrote:
OK, sounds like a slam dunk to me.
I think its a fine idea (finally secure temporary files!), but let me present the first bug I've run into with 2.3 (I've been testing with it). In 2.3 you can no longer declare new classes in a Script object. It bitches about a lack of __name__ attribute. I haven't really had the time to look into it closely, but it does effect the examples shipped with zope, and actually its just a very useful thing to be able to do. Whatever this problem stems from, there will probably be more because of it. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid." -Buddy
OK, I will add this to the collector, thank you! On Fri, 2003-10-03 at 17:27, Jamie Heilman wrote:
Chris McDonough wrote:
OK, sounds like a slam dunk to me.
I think its a fine idea (finally secure temporary files!), but let me present the first bug I've run into with 2.3 (I've been testing with it).
In 2.3 you can no longer declare new classes in a Script object. It bitches about a lack of __name__ attribute. I haven't really had the time to look into it closely, but it does effect the examples shipped with zope, and actually its just a very useful thing to be able to do. Whatever this problem stems from, there will probably be more because of it.
On Fri, 2003-10-03 at 17:27, Jamie Heilman wrote:
In 2.3 you can no longer declare new classes in a Script object. It bitches about a lack of __name__ attribute. I haven't really had the time to look into it closely, but it does effect the examples shipped with zope, and actually its just a very useful thing to be able to do. Whatever this problem stems from, there will probably be more because of it.
In Python 2.3.x, when a class is defined the __name__ of the encompassing module is looked up. I suspect Python Scripts can be fixed by defining __name__ in the globals dictionary in which the code is executed. -Fred -- Fred L. Drake, Jr. <fred at zope.com> PythonLabs at Zope Corporation
[Fred L. Drake, Jr.]
In Python 2.3.x, when a class is defined the __name__ of the encompassing module is looked up. I suspect Python Scripts can be fixed by defining __name__ in the globals dictionary in which the code is executed.
Thanks, Fred! I added this info to the collector entry: http://collector.zope.org/Zope/1074
No strong feeling other than I don't have it installed yet. I spent awhile playing with 2.7b2 and python 2.3 with no issues. BZ
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
-- Chris McDonough <chrism@zope.com> Zope Corporation
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Chris McDonough wrote:
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
By the way: When is 2.7 supposed to be released? Thanks, Florian
+1000 for moving directly to 2.3.2 I maintain several existing Zope add-on products that have to change anyway to be compatible with 2.7. Why on earth would I want to go through that pain *twice* ? Change is inevitable. Killing two birds with one stone means less pain overall, IMHO. --Craeg Chris McDonough wrote:
Some people at ZC have made pretty compelling arguments to make Python 2.3.2 the "recommended" version of Python to use with Zope 2.7 final. I'm wondering if other people have a strong feeling about this either way.
participants (17)
-
Andreas Jung -
Andrew Sawyers -
Anthony Baxter -
BZ -
Chris McDonough -
Chris McDonough -
Christian Theune -
Craeg K Strong -
Florian Lindner -
Fred L. Drake, Jr. -
george donnelly -
Jamie Heilman -
Myroslav Opyr -
Paul Winkler -
Tim Peters -
Toby Dickenson -
Tres Seaver