[Zope-dev] Fw: [Exuserfolder-devel] Zope 2.5b1 release

Paul Everitt paul@zope.com
Thu, 29 Nov 2001 06:41:34 -0500 

Yikes, it was pointed out to me that I typed "amk" instead of "akm".=20
Though I knew it was Andrew Milton and not Andrew Kuchling, I mixed up=20
the letters.  (In fact, as I was typing it, I was thinking "wow, that=20
looks like Andrew Kuchling's monogram.")

--Paul

Paul Everitt wrote:

>=20
> Whew, that email (and the preceding one in the thread) is quite a=20
> whopper.  In substance, amk raises some pretty serious issues that we=20
> need to come to grips with very quickly.
>=20
> I don't have enough information to respond right now, but trust that=20
> we'll get a good response back today.
>=20
> Neo-moderator note: if the discussion _does_ start over here, everyone=20
> is advised to leave the anger at the door.  Problems like this can=20
> usually be solved pretty easily by direct communication and open minds.
>=20
> --Paul
>=20
> Dario Lopez-K=E4sten wrote:
>=20
>> I thought this might be intresting for discussion on zope-dev as well.=
..
>>
>> /dario
>>
>> ----- Original Message -----
>> From: "Andrew Kenneth Milton" <akm@theinternet.com.au>
>> To: "Andrew Kenneth Milton" <akm@theinternet.com.au>
>> Cc: <exuserfolder-devel@sourceforge.net>
>> Sent: Thursday, November 29, 2001 8:45 AM
>> Subject: Re: [Exuserfolder-devel] Zope 2.5b1 release
>>
>> It has been pointed out that perhaps the dripping sarcasm drowned out =
the
>> acutal points of the email, sorry I was particularly pissed off at how
>> half-assed it all was.
>>
>> If you are writing a product that needs to create a user, you go look =
in
>> User.py and find out what the API since that tends to be the only plac=
e
>> the API is documented.
>>
>> If you look at how UserFolder is implemented;
>>
>> a) The change to manage_* seems to be completely arbitrary, since we=20
>> already
>>    had _do* methods that meant you didn't have to call manage_users wi=
th
>>    fake submit buttons. So what is the point of having manage_ ?
>>
>> b) manage_* methods usually indicate web callable methods, which these
>> clearly
>>    aren't (no docstring, no REQUEST parameter). In fact they don't=20
>> return a
>> status
>>    at all, so they seem to doubly useless.
>>
>> c) If it's an internal API for applications then the methods should=20
>> probably
>>    be protected by being prefixed with an _ to indicate they're not fo=
r
>> calling
>>    from the web or from within Documents/Templates.
>>
>> d) Even if you conformed to the API by calling e.g. manage_addUser() t=
his
>>    seemed to be incorrect, since it didn't do things like encrypt the
>> password.
>>    This meant you would have to either a) encrypt the password yoursel=
f
>>    (*very bad for XUF*), or b) call _addUser() which is not part of a
>> defined
>>    API but looks like it should be (i.e. manage_addUser and _addUser=20
>> seem to
>>    be reversed in functionality).
>>
>>    ii) This is compounded by the fact you would have to query the=20
>> UserFolder
>>        itself to find out if you should be encrypting passwords (what =
no
>>        UserFolder capability API?).
>>
>> e) s/_do/manage_/ doesn't constitute a new API. It's just the old one=20
>> with
>> the
>>    names changed.
>>
>> f) We've done a lot of work to make a flexible UF product that is I18N=
ed
>>    (well -able), and they still use the value of the submit button. I=20
>> would
>> have
>>    expected to see an alternative manage_users called from the ZMI tha=
t
>>    behaved much better, with manage_users calls raising warnings.
>>
>> g) Someone got paid to do it, and that just pisses me off, given the=20
>> quality
>>    of the stuff we release for free (and I'm still looking for a job b=
tw
>> d8).
>>    We're not perfect, the 0.10.1 release shows that, but, at least we
>>    spent more than three minutes including thinking time on it, and I =
at
>> least
>>    try not to change things just for the sake of it.
>>
>> Anyway. In case you were wondering what the previous email meant, ther=
e's
>> the
>> actual meaning d8)
>>
>> --=20
>> Totally Holistic Enterprises Internet|                      | Andrew=20
>> Milton
>> The Internet (Aust) Pty Ltd          |                      |
>> ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe=20
>> Daemon
>> PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|
>>
>> _______________________________________________
>> Exuserfolder-devel mailing list
>> Exuserfolder-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/exuserfolder-devel
>>
>>
>>
>> _______________________________________________
>> Zope-Dev maillist  -  Zope-Dev@zope.org
>> http://lists.zope.org/mailman/listinfo/zope-dev
>> **  No cross posts or HTML encoding!  **
>> (Related lists -  http://lists.zope.org/mailman/listinfo/zope-announce
>>  http://lists.zope.org/mailman/listinfo/zope )
>>
>=20
>=20
>=20
>=20
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope )
>=20