zope backward compatibility policy?
hi, what's the backward compatibility policy of zope? i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems. i checked the changelogs, and this change does not seem to be mentioned. i thought that if someone is not in the changelog, then is supposed to be unchanged. or not? p.s: i am still a beginner in the zope world, so maybe i am completely wrong :) gabor
--On 13. Juni 2005 09:47:33 +0200 gabor <gabor@nekomancer.net> wrote:
hi,
what's the backward compatibility policy of zope?
i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems.
In general changes should be backward compatible (to some degree). In some cases it might be reasonable to be not compatible with earlier versions especially between major releases. The problem you are talking about might be because a property are supposed to be read-only. Since lists are mutable this could have caused some security probleme..maybe not...one would have to dig into the CVS log to find details...cvs.zope.org is your friend if you want to figure it out on your own. -aj
--On 13. Juni 2005 09:47:33 +0200 gabor <gabor@nekomancer.net> wrote:
hi,
what's the backward compatibility policy of zope?
i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems.
From the cvs log of PropertyManager.py
""" revision 1.56 date: 2004/01/15 22:50:17; author: tseaver; state: Exp; lines: +4 -2 - CGI escape merge (from 2.6 / 2.7 audit). - Store 'lines' and 'tokens' properties as tuples, not lists (merge from 2.6 / 2.7 audit). """ So this change was driven by security issues. And btw. it *is* documented in the release notes: """ - Some property types were stored in a mutable data type (list) which could potentially allow untrusted code to effect changes on those properties without going through appropriate security checks in particular scenarios. """ -aj
Andreas Jung wrote:
--On 13. Juni 2005 09:47:33 +0200 gabor <gabor@nekomancer.net> wrote:
hi,
what's the backward compatibility policy of zope?
i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems.
From the cvs log of PropertyManager.py
So this change was driven by security issues. And btw. it *is* documented in the release notes:
""" - Some property types were stored in a mutable data type (list) which could potentially allow untrusted code to effect changes on those properties without going through appropriate security checks in particular scenarios.
"""
i see.. thanks a lot... it's just that this is documented in the 'bugfix' part. i didn't expect bugfixes to change the api.... hmm.. it seems that i will have to read the whole changelog (what happened between 2.6.4 and 2.7.2 ;)) gabor
On Mon, Jun 13, 2005 at 10:58:25AM +0200, gabor wrote:
i see.. thanks a lot...
it's just that this is documented in the 'bugfix' part.
i didn't expect bugfixes to change the api....
But you should expect bugfixes to change implementation details, which is what this is :-) If you read the documentation, e.g. at http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/UsingZope.stx which was current as of Zope 2.6, it says: lines A lines property is a sequence of strings. Nowhere does it say "list".
hmm.. it seems that i will have to read the whole changelog (what happened between 2.6.4 and 2.7.2 ;))
Probably a good idea anyway :-) When I am considering a major zope upgrade, I do this. -- Paul Winkler http://www.slinkp.com
participants (3)
-
Andreas Jung -
gabor -
Paul Winkler