[Grok-dev] Re: Pushing for 1.0

Tres Seaver tseaver at palladion.com
Wed Dec 19 11:54:42 EST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Philipp von Weitershausen wrote:
> Tim Terlegård wrote:
>> On Dec 19, 2007, at 11:31 AM, Jan-Wijbrand Kolman wrote:
>>> In other words, I think it would be very good to see if we can start 
>>> the new year with a 1.0 release of Grok!
>>>
>>> What kind of issues do you think we really should address before going 
>>> 1.0?
>> What is 1.0 supposed to be, a stable release or something we want to brag
>> to everyone about?
> 
> Like JW, I prefer a stable release. No new features. Let's just release 
> what we have now (after having fixed the outstanding bugs, of course). 
> We should also update the tutorial (Luciano?!?) and finally get the 
> reference online (JW, Uli?!?).
> 
>> In order to brag about this cool grok there are three things I miss:
>>   * viewlets
> 
> Definitely post 1.0.
> 
>>   * grokproject doing WSGI out of the box
> 
> I vote post 1.0, unless somebody wants to work on it right now.
> 
>>   * a different security policy where I can put permissions on models
>>     instead of views. If I have 4 models and 100 views it may be better to
>>     protect the data by putting require on the models instead of the views.
>>     But maybe this already works?
> 
> It does, sorta. But it's very convoluted because of the way the Zope 3 
> publication machinery is set up. It was actually one of the first things 
> that were written when Zope 3 was started and it doesn't even come close 
> to using the component architecture in a way that you'd want it to.
> 
> I think, in the long term, much good could come out of collaborating 
> with repoze and their approach to "exploding" the publication.

I'm not sure why model-based security ties in here, unless you mean
you'd like to do security checks during publishing traversal.  That
still isn't as fine-grained as what Zope2 does for untrusted code, but
should be doable.

Exploding the Zope3 publisher / publication story would help with the
WSGI integration, too (e.g., to avoid having the publication snag
errors, commit transactions, etc.)  At the moment, 'repoze.grok' has to
add a middleware layer to get the error handling turned off, and it
doesn't allow some of the more creative use cases satisfied by
'repoze.zope2' (e.g., using a non-ZODB root object, or tweaking the
post-mapply call chain).

> Anyway, to summarize, I think we should simply
> * fix all outstanding issues in the collector
> * update the tutorial
> * get the reference up-to-date and online
> * do a conservative 1.0 release

+1.  Let's try to arrange to get the packaging story tightented up, as
part of this, so that people can use 'easy_install grok' to get started.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHaUzS+gerLs4ltQ4RAiBbAKDHLJ3sGn8RXC2gkuN9POx/2wVoEwCgywZT
LCBXpTOhMxTkYTBRTRXUKUQ=
=SHH/
-----END PGP SIGNATURE-----

More information about the Grok-dev mailing list