[Zope] Re: Python switcheroo

Tres Seaver tseaver at zope.com
Sun Dec 5 21:36:50 EST 2004


Dennis Allison wrote:
> This should get Jean Jordan out of the woods for the moment, but it
> raises the question of Zope2.7.X and Python 2.4 compatibility.  IMHO it
> would be very bad form to have Zope 2.7.X not work Python 2.4,

The "bad form" would arguably be a fault of Python, rather than Zope, 
unless Zope had been ignoring a previous deprecation warning (new 
deprecation warnings are to be expected, with Zope applying fixes to 
them at leisure).

We won't call 2.4 "supported" until somebody does an audit of the 
security implications of using Python 2.4 with Zope.  For instance, the 
"what's new" page mentions that 'eval' is now willing to use any 
mapping-conformant object for its 'locals', where it used to allow only 
a "real" dictioary.  I don't know if that affects Zope's restricted 
execution model, nor do I have time to think about it.

Note that the effort involved to fix Zope for Python 2.3 started more 
than a year ago, didn't land until last January, and involved 
significant effort (and billable client hours) from six ZC employees.
I don't think 2.4 will be as big an undertaking (Python 2.2, which was 
never "supported", introduced a lot of complexity to the object model).
Nevertheless, it isn't trivial.

Note that I am likely to be running Zope 2.8 with Python 2.4 very soon, 
*in development.*  I won't be worried about TTW code for that project, 
which removes most of the security worries.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com



More information about the Zope mailing list