[Grok-dev] UPDATE recently created projects to 0.14.1

Uli Fouquet uli at gnufix.de
Sun Dec 14 18:00:30 EST 2008


Hi there,

Am Sonntag, den 14.12.2008, 21:54 +0100 schrieb Jasper Spaans:
> Op 14 dec 2008, om 19:11 heeft Martijn Faassen het volgende geschreven:
> 
> > [periodic phone-home from the admin screen]
> >
> > I think best would be to make a setting in some settings screen "check
> > for security updates" that's off by default. Unfortunately many people
> > will forget to turn it on as a result. Perhaps people aren't as
> > sensitive to this as all that though. Anyway, we need good UI thinking
> > about this.

I already thought about such a feature before releasing `grokui.admin`
0.3 (immediately after the security disaster), but stopped it because of
the phone-home problem.

Another idea was to implement it as a separate package, so everybody had
to explicitly enable it if he/she wants it in `setup.py`. 

However, the possibility of turning on/off a switch in the admin UI
looks more attractive to me (less struggle for users), so +1 from me for
Brandons/Martijns suggestion, if the default is set to ``off``.

> > If someone writes all that, we could include it.
> 
> 
> +1 and /me volunteers to write this in the coming two weeks. Go study  
> evasive behaviour go go go ;)

Great, Jasper. If I can help/support, please tell. Possibly we could use
the `flash()` feature for that. I'd definitely would like to discuss
that with you further, if you like.

> One small suggestion: grokproject could have a question for this to  
> make new users see this feature at least once. (And now everyone can  
> enter the ring to argue over the default answer to that question.)

You mean a question like:

	Do you want to enable security notifications?

I am not sure about this. It might be easier then to replace the
normally (if notifications are enabled) shown message:

        Your installed grok version is totally outdated and problably 
        hijacked by Evil Intruders right NOW.

by (if notifications are not disabled) something like:

	Security notifications disabled. Go to <server-link/> if you 
        want to enable it

on the screen. 

Beside this I would like to keep functionality of grokproject and
grokui.admin separated from each other.

But what we _could_ do (new suggestion): also print The Message on the
commandline/in the logs on startups/restarts. This way we would also
reach admins, that never use the admin-UI. This could also be disabled
somewhere (with default == ``on``).

Best regards,

-- 
Uli

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/grok-dev/attachments/20081215/ab41b016/attachment.bin 


More information about the Grok-dev mailing list