I'd like to continue moving code to saner places, so here's two more little ideas on next refactorings: - Move password managers from zope.app.authentication to a new package, like zope.password. They are really useful in any authentication system, even not related to "zope3 the app server" or zodb at all. That move will ease the reuse of password encoding/checking mechanism in other authentication software, so people won't need to install anything but password manager and zope.interface. The zope.schema is also needed for the password manager vocabulary, but I'm not sure if the vocabulary should go to the new package, because it adds a dependency on zope.schema. What do people think? - Move the functionality of zope.app.principalannotation to new package, zope.principalannotation, leaving only appsetup bootstrap subscriber and browser menu item, as well as compatibility imports in the original package. I'd volunteer to do that little refactorings, if noone objects. -- WBR, Dan Korostelev
2009/3/5 Dan Korostelev <nadako@gmail.com>:
The zope.schema is also needed for the password manager vocabulary, but I'm not sure if the vocabulary should go to the new package, because it adds a dependency on zope.schema. What do people think?
Ah, I forgot that the password managers are intended to be registered and used as named utilities, so I guess zope.component and zope.schema dependencies are okay. Though, we could move that deps in the "extra". -- WBR, Dan Korostelev
Dan Korostelev wrote:
2009/3/5 Dan Korostelev <nadako@gmail.com>:
The zope.schema is also needed for the password manager vocabulary, but I'm not sure if the vocabulary should go to the new package, because it adds a dependency on zope.schema. What do people think?
Ah, I forgot that the password managers are intended to be registered and used as named utilities, so I guess zope.component and zope.schema dependencies are okay. Though, we could move that deps in the "extra".
We still don't have to add the zope.schema dependency though, right? I'd say keep the vocabulary over in zope.app.authentication so we can avoid the zope.schema dependency. I don't want to create more "extra" dependencies. Extra dependencies should be going away as they make the graph harder to reason about, we don't want to add them. Regards, Martijn
Hey Dan, Thanks for taking the initiative to propose more refactorings! Dan Korostelev wrote:
I'd like to continue moving code to saner places, so here's two more little ideas on next refactorings:
- Move password managers from zope.app.authentication to a new package, like zope.password. They are really useful in any authentication system, even not related to "zope3 the app server" or zodb at all. That move will ease the reuse of password encoding/checking mechanism in other authentication software, so people won't need to install anything but password manager and zope.interface.
+1 on moving these managers to zope.password. I know Uli did some work recently on a more secure way to store passwords. We should be sure in the documentation of zope.password to point out what the current best way to manage passwords is.
The zope.schema is also needed for the password manager vocabulary, but I'm not sure if the vocabulary should go to the new package, because it adds a dependency on zope.schema. What do people think?
I'd say leave the vocabulary behind in zope.app.authentication. It's a zope.app.* package so we'll surely get back to it to mine it for reusable stuff more. Perhaps the vocabulary is there to support the ZMI, or perhaps it'll have to go somewhere else.
- Move the functionality of zope.app.principalannotation to new package, zope.principalannotation, leaving only appsetup bootstrap subscriber and browser menu item, as well as compatibility imports in the original package.
+1 to this one too.
I'd volunteer to do that little refactorings, if noone objects.
Great! I think nobody will object, so feel free to go ahead. Regards, Martijn
participants (2)
-
Dan Korostelev -
Martijn Faassen