This notice only applies to developers who are following the bleeding edge of Zope, the CVS trunk. It does not apply if you downloaded Zope from a web site.
We're about to check in to the trunk the unified restricted code implementation which is currently on the RestrictedPython branch. The documentation and rationale can be found here:
http://dev.zope.org/Wikis/DevSite/Projects/SupportPython21/RestrictedPython
We looked at using Bastion and rexec, but neither of them provide the kind of granularity demanded by the Zope security model. So we created a new module, RestrictedPython, which is in fact usable outside Zope.
Although the driving goal was to support Python 2.1, this project has given us an opportunity to work on some long-standing issues as well. The restrictions are clearer and finally both DTML and scripts use the same code to implement security.
We've tried hard to make the new code work just right, including new unit tests and a couple of optimizations. But there is bound to be some breakage. Also, as the community was warned previously, the new code requires Python 2.1.
Shane
Additionally, other mass changes to the trunk will occur when Andreas merges the work he's done to rid the codebase of "regex" in favor of "re".
One of the more major shifts is the deprecation of the "old" structured text in favor of StructuredTextNG, which is serviced via a compatibility module. The compatibility module is known to break the Zope Tutorial product currently, but everything else in the core that uses StructuredText (e.g. dtml-var fmt=structured-text and the help system) seems to work well. The tutorial will work again once 2.4 final is released.
----- Original Message ----- From: "Shane Hathaway" shane@digicool.com To: zope-dev@zope.org Sent: Friday, April 27, 2001 1:40 PM Subject: [Zope-dev] Heads up -- big changes on trunk
This notice only applies to developers who are following the bleeding edge of Zope, the CVS trunk. It does not apply if you downloaded Zope from a web site.
We're about to check in to the trunk the unified restricted code implementation which is currently on the RestrictedPython branch. The documentation and rationale can be found here:
http://dev.zope.org/Wikis/DevSite/Projects/SupportPython21/RestrictedPython
We looked at using Bastion and rexec, but neither of them provide the kind of granularity demanded by the Zope security model. So we created a new module, RestrictedPython, which is in fact usable outside Zope.
Although the driving goal was to support Python 2.1, this project has given us an opportunity to work on some long-standing issues as well. The restrictions are clearer and finally both DTML and scripts use the same code to implement security.
We've tried hard to make the new code work just right, including new unit tests and a couple of optimizations. But there is bound to be some breakage. Also, as the community was warned previously, the new code requires Python 2.1.
Shane
Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Shane Hathaway wrote:
This notice only applies to developers who are following the bleeding edge of Zope, the CVS trunk. It does not apply if you downloaded Zope from a web site.
As a broader issue, what's the story with bugfixes in the 2.3 branch? We've got a couple of patches in against 2.3 now that have been patched in the "trunk" but not in the 2.3 branch. We're not going to be moving to the bleeding edge any time soon, because our customers aren't going to like being forced to install a whole new Zope instance / python interpreter just to run our product! I think it's bad enough that we're forcing them to use a "bleeding edge" 2.3.2 release...
What say DC?
Richard
This is likely an artifact of the branch "freeze" between the last beta and the final. Which bugs were they? Are they in the Collector? In general, most bugfixes make it into both the trunk and the current release branch.
----- Original Message ----- From: richard@bizarsoftware.com.au To: "Shane Hathaway" shane@digicool.com Cc: zope-dev@zope.org Sent: Monday, April 30, 2001 7:16 PM Subject: Re: [Zope-dev] Heads up -- big changes on trunk
Shane Hathaway wrote:
This notice only applies to developers who are following the bleeding edge of Zope, the CVS trunk. It does not apply if you downloaded Zope from a web site.
As a broader issue, what's the story with bugfixes in the 2.3 branch?
We've
got a couple of patches in against 2.3 now that have been patched in the "trunk" but not in the 2.3 branch. We're not going to be moving to the bleeding edge any time soon, because our customers aren't going to like being forced to install a whole new Zope instance / python interpreter
just
to run our product! I think it's bad enough that we're forcing them to use a "bleeding edge" 2.3.2 release...
What say DC?
Richard
-- Richard Jones richard@bizarsoftware.com.au Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)
Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
On Tue, 1 May 2001 richard@bizarsoftware.com.au wrote:
Shane Hathaway wrote:
This notice only applies to developers who are following the bleeding edge of Zope, the CVS trunk. It does not apply if you downloaded Zope from a web site.
As a broader issue, what's the story with bugfixes in the 2.3 branch? We've got a couple of patches in against 2.3 now that have been patched in the "trunk" but not in the 2.3 branch. We're not going to be moving to the bleeding edge any time soon, because our customers aren't going to like being forced to install a whole new Zope instance / python interpreter just to run our product! I think it's bad enough that we're forcing them to use a "bleeding edge" 2.3.2 release...
2.3.2 is much more stable than bleeding edge IMHO. The CVS trunk is the "bleeding edge", alpha / beta releases are the "cutting edge", and stable releases are the production software.
If you are aware of any bugfixes that haven't made it into the 2.3 branch, please tell us. Of course, I'm sure you understand some bugfixes need further testing before going into a "stable" release so they go into the "unstable" release instead.
Shane