[Zope-dev] zope.password
Roger Ineichen
dev at projekt01.ch
Tue Mar 10 19:01:49 EDT 2009
Hi Dan
> Betreff: Re: [Zope-dev] zope.password
>
> 2009/3/10 Roger Ineichen <dev at projekt01.ch>:
> > Hi Steering group, Hanno, Dan
> >
> >> Betreff: Re: [Zope-dev] zope.password
> >>
> >> Dan Korostelev wrote:
> >> > 2009/3/10 Hanno Schlichting <hannosch at hannosch.eu>:
> >> >> Either you have a dependency and declare it or you don't have a
> >> >> dependency. Since we don't want to use "extras" anymore, I
> >> think this
> >> >> calls for another package which depends on zope.password
> >> and zope.schema.
> >> >
> >> > I still don't like/get the idea of creating and
> maintaining extra
> >> > package that merely contains a vocabulary factory for
> >> another package.
> >> > Whatever, I reverted that change. Roger, just exclude
> >> > zope.app.authentication's "password.zcml" file, include
> >> > "zope.password" explicitly and define your own vocabulary.
> >>
> >> I don't quite like the idea of extras and we decided to
> avoid them.
> >> We also decided to avoid tests_require from what I understand.
> >>
> >> What you did was to not specify an extra nor a hard
> dependency, but
> >> still add zope.schema to the test extra section.
> >>
> >> That feels wrong. Either you have a dependency and so have
> the tests
> >> or you don't.
> >>
> >> I think extras have been created for this kind of use-case of
> >> providing an "optional feature" from a package. Either we use that
> >> mechanism and declare it, or we don't want this mechanism and live
> >> with creating extra packages instead.
> >
> > Hanno,
> > Can you propose something else to solve our problem?
> >
> > The problem is, zope.password offers password manager which
> get used
> > by zope.app.testing, zope.app.authentication, z3c.authenticator and
> > other packages. zope.app.authentication configures the
> vocabulary for
> > the password managers in zope.password.
> >
> > That's defently a no go.
> >
> > Write another package for just define and register them is I think
> > also a no go.
> >
> > Probably we should depend zope.password on zope.schema too and
> > configure the vocabulary and managers registry there.
> >
> > Dan,
> > I think we should not be to excessive with the dependency
> cleanup and
> > stop ourself. It would be nice to use zope.password without the
> > zope.schema package but that's right now no use case for
> our refactoring.
>
> I'd like to be able to use zope.password without
> zope.component for some of my tiny old Pylons-based projects,
> that's why I'm trying to avoid dependency on it. I believe
> that repoze guys will also be quite happy, if it didn't pull
> unneeded (for them) dependency.
I think that's a valid reason for your use case. But that's
a problem for the zope framework ;-)
> I'd be fine with an "extra" requirement, but others seem to
> be against that. :-/
I think we don't have any replacement pattern for extra_requires.
The extra_requires where developed for exactly that reason.
We should use that pattern till someone will show us a better
concept.
I also think to add an additional package for register a vocabulary
is very ugly.
Probably we should think about zope.app.security or something
like that and move the password managers and vocabulary to
someting like that.
Regards
Roger Ineichen
More information about the Zope-Dev
mailing list