[Zope-dev] Re: [Zope3-dev] Re: The Zope Software Certification Program and Common Repository Proposal

Stephan Richter srichter at cosmos.phy.tufts.edu
Tue Feb 21 07:58:33 EST 2006


On Monday 20 February 2006 19:24, Martin Aspeli wrote:
> My immediate concern is about resources: Who will have the time or
> incentive to police the common repository and grant certification? It
> seems to be a non-trivial process that may end up being quite
> time-consuming. It may be perceived as too much red tape. 

Please read section 2.8 carefully. Here is the most relevant part:

  Both, the requirements and process, are developed in a way that it
  should be also simple and fast to receive certification level 1 and level
  2. The turn-around time of a request for being granted a certification level 
  1 or level 2 should be about 1 day.

  The certification of level 3 will usually take some more time, since it
  requires the certification manager to inspect the code in much more
  detail. However, the certification time should not exceed a couple of weeks.

  Overall, it is very important for the process to have as little overhead as
  possible and make the certification process a quick, easy and fun 
  experience.


> It may be perceived as too much centralised control, especially around 
> licensing. 

In the sense that the Zope Foundation is giving out the certifications, yes, 
it is centralized. But this is necessary, to make the process seem 
valuable/legitimate. All other certifications are centralized too, such as 
the TÜV controls the C2 security certification process.

In terms of license, the ZSCP makes no assumptions. Even commercial projects 
can be certified if they show a certification manager their code. All of 
section 2 does not talk about a required license. A particular license will 
only be asserted on the Common Repository, like the ZPL is now for 
svn.zope.org or the GPL for the Plone core.

> Secondly, and partly because I'm expecting this to come up in my absence:
> your proposal is eerily similar to Alan's two-level Plone collective post
> to plone-dev, about having an "approved" list of contributors and packages
> in a fenced-off repository, in addition to the collective.

Yes, I am surprised he posted that. He was on the pre-proposal committee and 
knew for a while this was coming. As you can see in Appendix 3, there were 
several Plone developers involved in the recent discussion.

> One obvious parallel here, by the way, is with the svn.plone.org/plone
> repository. That one is controlled by the Plone Foundation, requires a
> contributor agreement, and imposes restrictions on license and quality
> (albeit not as formally as you do). I think this is possibly a more valid
> comparison than with the Collective.

Yeah, probably. As far as I understand the Goldegg protocol, the goal is to 
develop generic components that could be under a different license. So 
ideally I would like to have those components live in the Common Repository, 
but they do not have to. I have mentioned that at various places in the 
repository.

> I'm actually +1 on your proposal in spirit (if it can be shown to work,
> and if there is a broad consensus in the community to support it - in
> fact, this is important: if there is too much division, the proposal would
> likely be self-defeating) and -1 on his.

Great! I agree with your reservation; but we have to try and from the comments 
I got from the pre-proposal committee (which represent a wide range of Zope 
sub-communities) I was encouraged that we would find a general agreement. 

<snip discussion on Plone versus Zope 3 development>
> elitism and a raised bar to entry. I think that balance is different in
> Plone than it is in Zope 3.

Yes, I agree. Thus the proposal clearly states in section 3.2:

  The Common Repository is *not* a replacement for other high-level 
  repositories like Plone's or ECM's. It does not aim at assimilating 
  everything in the wider Zope community. It is merely a place for 
  high-quality packages that are supported by the Zope development team.

> Put differently, I think that *some* Plone components ought to move lower
> down the stack, target re-usability in different systems, and thus be
> subject to somewhat different rules. Perhaps these components shouldn't
> have been Plone components in the first place, or perhaps their evolution
> would start in Plone and move down the stack. But I think it would be
> damaging for the Plone community, given its current shape and culture, to
> impose those rules across the types of components that are higher up the
> stack - arguably those components which should be "Plone" components still.

I would never try to do this.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training

