[Grok-dev] Re: Pushing for 1.0
tseaver at palladion.com
Wed Dec 19 11:54:42 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Philipp von Weitershausen wrote:
> Tim Terlegård wrote:
>> On Dec 19, 2007, at 11:31 AM, Jan-Wijbrand Kolman wrote:
>>> In other words, I think it would be very good to see if we can start
>>> the new year with a 1.0 release of Grok!
>>> What kind of issues do you think we really should address before going
>> What is 1.0 supposed to be, a stable release or something we want to brag
>> to everyone about?
> Like JW, I prefer a stable release. No new features. Let's just release
> what we have now (after having fixed the outstanding bugs, of course).
> We should also update the tutorial (Luciano?!?) and finally get the
> reference online (JW, Uli?!?).
>> In order to brag about this cool grok there are three things I miss:
>> * viewlets
> Definitely post 1.0.
>> * grokproject doing WSGI out of the box
> I vote post 1.0, unless somebody wants to work on it right now.
>> * a different security policy where I can put permissions on models
>> instead of views. If I have 4 models and 100 views it may be better to
>> protect the data by putting require on the models instead of the views.
>> But maybe this already works?
> It does, sorta. But it's very convoluted because of the way the Zope 3
> publication machinery is set up. It was actually one of the first things
> that were written when Zope 3 was started and it doesn't even come close
> to using the component architecture in a way that you'd want it to.
> I think, in the long term, much good could come out of collaborating
> with repoze and their approach to "exploding" the publication.
I'm not sure why model-based security ties in here, unless you mean
you'd like to do security checks during publishing traversal. That
still isn't as fine-grained as what Zope2 does for untrusted code, but
should be doable.
Exploding the Zope3 publisher / publication story would help with the
WSGI integration, too (e.g., to avoid having the publication snag
errors, commit transactions, etc.) At the moment, 'repoze.grok' has to
add a middleware layer to get the error handling turned off, and it
doesn't allow some of the more creative use cases satisfied by
'repoze.zope2' (e.g., using a non-ZODB root object, or tweaking the
post-mapply call chain).
> Anyway, to summarize, I think we should simply
> * fix all outstanding issues in the collector
> * update the tutorial
> * get the reference up-to-date and online
> * do a conservative 1.0 release
+1. Let's try to arrange to get the packaging story tightented up, as
part of this, so that people can use 'easy_install grok' to get started.
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Grok-dev