[Zope] Re: [Zope3-dev] Re: The Zope Software Certification Program and Common Repository Proposal

Stephan Richter srichter at cosmos.phy.tufts.edu
Tue Feb 21 07:58:33 EST 2006 

On Monday 20 February 2006 19:24, Martin Aspeli wrote:
> My immediate concern is about resources: Who will have the time or
> incentive to police the common repository and grant certification? It
> seems to be a non-trivial process that may end up being quite
> time-consuming. It may be perceived as too much red tape. 

Please read section 2.8 carefully. Here is the most relevant part:

  Both, the requirements and process, are developed in a way that it
  should be also simple and fast to receive certification level 1 and level
  2. The turn-around time of a request for being granted a certification level 
  1 or level 2 should be about 1 day.

  The certification of level 3 will usually take some more time, since it
  requires the certification manager to inspect the code in much more
  detail. However, the certification time should not exceed a couple of weeks.

  Overall, it is very important for the process to have as little overhead as
  possible and make the certification process a quick, easy and fun 
  experience.


> It may be perceived as too much centralised control, especially around 
> licensing. 

In the sense that the Zope Foundation is giving out the certifications, yes, 
it is centralized. But this is necessary, to make the process seem 
valuable/legitimate. All other certifications are centralized too, such as 
the TÜV controls the C2 security certification process.

In terms of license, the ZSCP makes no assumptions. Even commercial projects 
can be certified if they show a certification manager their code. All of 
section 2 does not talk about a required license. A particular license will 
only be asserted on the Common Repository, like the ZPL is now for 
svn.zope.org or the GPL for the Plone core.

> Secondly, and partly because I'm expecting this to come up in my absence:
> your proposal is eerily simlar to Alan's two-level Plone collective post
> to plone-dev, about having an "approved" list of contributors and packages
> in a fenced-off repository, in addition to the collective.

Yes, I am surprised he posted that. He was on the pre-proposal committee and 
knew for a while this was coming. As you can see in Appendix 3, there were 
several Plone developers involved in the recent discussion.

> One obvious parallel here, by the way, is with the svn.plone.org/plone
> repository. That one is controlled by the Plone Foundation, requires a
> contributor agreement, and imposes restrictions on license and quality
> (albeit not as formally as you do). I think this is possibly a more valid
> comparison than with the Collective.

Yeah, probably. As far as I understand the Goldegg protocol, the goal is to 
develop generic components that could be under a different license. So 
ideally I would like to have those components live in the Common Repository, 
but they do not have to. I have mentioned that at various places in the 
repository.

> I'm actually +1 on your proposal in spirit (if it can be shown to work,
> and if there is a broad consensus in the community to support it - in
> fact, this is important: if there is too much division, the proposal would
> likely be self-defeating) and -1 on his.

Great! I agree with your reservation; but we have to try and from the comments 
I got from the pre-proposal committee (which represent a wide range of Zope 
sub-communities) I was encouraged that we would find a general agreement. 

<snip discussion on Plone versus Zope 3 development>
> eltism and a raised bar to entry. I think that balance is different in
> Plone than it is in Zope 3.

Yes, I agree. Thus the proposal clearly states in section 3.2:

  The Common Repository is *not* a replacement for other high-level 
  repositories like Plone's or ECM's. It does not aim at assimilating 
  everything in the wider Zope community. It is merely a place for 
  high-quality packages that are supported by the Zope development team.

> Put differently, I think that *some* Plone components ought to move lower
> down the stack, target re-usability in different systems, and thus be
> subject to somewhat different rules. Perhaps these components shouldn't
> have been Plone components in the first place, or perhaps their evolution
> would start in Plone and move down the stack. But I think it would be
> damaging for the Plone community, given its current shape and culture, to
> impose those rules across the types of components that are higher up the
> stack - arguably those components which should be "Plone" components still.

I would never try to do this.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training

More information about the Zope mailing list