[Zope] Published methods and docstrings

Andrew Durdin adurdin@yahoo.com
Thu, 12 Dec 2002 18:28:36 +1100


Hi all,

I'm a newcomer to Zope, and while mostly it seems attractive, there's one
thing that to me seems downright wrong: the use of docstrings to
differentiate between published and private (wrt the web) objects (methods
in particular). Why I think this is bad:

1. The purpose of the docstring in Python is to give a human-readable
textual description of the objects's function or purpose.

2. Zope uses this docstring for deciding whether to make the object
published (visible from the web). In essence, this seems to be taking a
structure intended for documentation, and using it for security purposes
(where visibility is a facet of security).

3. As far as I have been able to see, there is no way to disable the
functionality described in (2); similarly, there is no way to use a override
the behaviour, so that one can give a non-published object a docstring.

I hope I'm wrong about part (3). I hope that something has been/is being
done to rectify this design flaw.

Andrew