[Zope] Re: Python switcheroo
Tres Seaver
tseaver at zope.com
Sun Dec 5 21:36:50 EST 2004
Dennis Allison wrote:
> This should get Jean Jordan out of the woods for the moment, but it
> raises the question of Zope2.7.X and Python 2.4 compatibility. IMHO it
> would be very bad form to have Zope 2.7.X not work Python 2.4,
The "bad form" would arguably be a fault of Python, rather than Zope,
unless Zope had been ignoring a previous deprecation warning (new
deprecation warnings are to be expected, with Zope applying fixes to
them at leisure).
We won't call 2.4 "supported" until somebody does an audit of the
security implications of using Python 2.4 with Zope. For instance, the
"what's new" page mentions that 'eval' is now willing to use any
mapping-conformant object for its 'locals', where it used to allow only
a "real" dictioary. I don't know if that affects Zope's restricted
execution model, nor do I have time to think about it.
Note that the effort involved to fix Zope for Python 2.3 started more
than a year ago, didn't land until last January, and involved
significant effort (and billable client hours) from six ZC employees.
I don't think 2.4 will be as big an undertaking (Python 2.2, which was
never "supported", introduced a lot of complexity to the object model).
Nevertheless, it isn't trivial.
Note that I am likely to be running Zope 2.8 with Python 2.4 very soon,
*in development.* I won't be worried about TTW code for that project,
which removes most of the security worries.
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
More information about the Zope
mailing list