[Zope-dev] zope.i18messageid

Tres Seaver tseaver at palladion.com
Fri Jul 2 13:49:41 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris McDonough wrote:
> Fabio,
> 
> Within the last few months you committed the following change to
> zope.i18nmessageid:
> 
> http://svn.zope.org/zope.i18nmessageid/trunk/setup.py?rev=102497&r1=101297&r2=102497
> 
> The commit message is "Fixed the compilation of the C extension with
> python 2.6: refactored it as a setuptools Feature."  Can I ask what
> problem was being fixed with this commit?
> 
> It undid work I did in this revision:
> 
> http://svn.zope.org/zope.i18nmessageid/trunk/setup.py?rev=99669&r1=97948&r2=99669
> 
> I should have left a comment in there: the work was effectively there to
> support building zope.i18nmessageid on Jython and other platforms like
> GAE that do not support C extensions at all, even optionally.  The
> package no longer builds on Jython ("error: Setup script exited with
> error: Compiling extensions is not supported on Jython"), although to be
> honest I don't really understand why not.  I'm hoping we can find a way
> to retain whatever fix you were trying to make but still allow the
> package to build on Jython, but I think I need to understand what
> problem you were fixing first.

I think there is a good case for making the C extension an "optional"
setuptools feature:  nobody acutally *needs* that extension built to
have their application work.

Jim has asserted (but not really explained) that the C extension closes
some kind of security hole.  I don't see any credible attack vector
myself, but then I no longer believe it worthwhile to devote my own
energy to defending against malicious TTW programmers.

The change here is to remove 'standard=True' from the feature
constructor.  Developers who want the feature enabled can then build the
egg via:

  $ python setup.py --with-codeoptimization bdist_egg

We could then update the zc.recipe.egg:custom recipe to allow specifying
features to be installed for a given egg.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkwuJrEACgkQ+gerLs4ltQ6RbQCg1CMt5QlZV1DF45i0Elulu4+j
7QUAoL6DsbZOVElG15kLZBh9EbqJipc0
=D9/Y
-----END PGP SIGNATURE-----



More information about the Zope-Dev mailing list