[Zope] RE: [Zope] Request regarding 'Hotfixes'

bill@libc.org bill@libc.org
Fri, 24 Aug 2001 10:50:34 -0600 (MDT) 

> Errr.  As author of the "ZMI Top Frame HTTPS reminder" aka
> Hotfix_TopFrameHttps, I'm not sure of the issue.  The title of my err
> Monkey Patch isn't really confusing and it doesn't showup if you search
> ZOpe.org for "hotfix".  Why should it be changed to
> MonkeyPatch_TopFrameHttps? Somehow, it lends less credibility to my
> "product".  Could we call them "postfixes" ;^)?

perhasp i was nto clear enough ... I'll try again.

The issue, is that people already expect HotFixes to be things you must
apply. DC/ZC has been using HotFixes for Security Fixes that can not wait
for  anew version. As a result, I have had several people come to me and ask
just what all the problems are now, as people start seeing 'hotfixes', and
automatically associating them with the ones from ZC/DC.

As far as credibility, that is one of the issues. The dilution of the term
HotFix, into various patches by third parties, causes a loss fo credibility
to authentic HotFixes. In addition, it causes more people to think that zope
is having many serious security issues. HotFixes already have the
association with ZC/DC Security Fixes. What kind of credibility do you want
by calling your patch the same thing? Certainly you would not want to hijack
ZC/DC's use of HotFix for urgent can't-wait security fixes to just any old
change to behaviour anyone makes. Hotfixes are also used as temporary fixes
until the next release comes out, or for those running older versions of
Zope.
I would disagree with calling them fixes, as it seems in most cases so far,
they are changes that alter behaviour, but are not true 'fixes'. A fix
implies something is broken. Merely changing behaviour to suit oneself is
not a 'fix'. Something is not broken just because you want it to behave
differently.


Zope is being used more in professional environments, and many of us are
making excellent inroads into corporate usage. In order to keep this up, we
need to protect the namespace, just as one protects a trademerk, or the
namespaces within a program. We wouldn't want to see someone else putting
out Zope and calling it Zope, for the dilution it would have, and the
usurpation of the 'official' one from ZC. just the same, we should not be
doing this with hotFixes.
These HotPatches, as I call them, dilute an established namespace. One of
the things with them, is that they are not products, nor are they ouright
patches. Personally, I will probably not install any non-ZC hotPatches,
simply due on principle, nut that is just my choice. Calling alterations
such as these HotFixes affects the entire Zope Community. It may not be
apparent to those who have not (yet) had their boss come to them and ask
them "WTF is with all these hotFixes? Why are all these exploits now being
discovered, and done by third parties?", but it is there.


Cheers,

Bill