[Framework-Team] The final(?) verdict
az at zitc.de
Wed Feb 20 15:22:26 UTC 2008
On Feb 20, 2008, at 4:24 AM, Raphael Ritz wrote:
> Hi Folks,
> at Wichert's request and in order to update us all
> I've just compiled the following overview.
nice job — thanks again for jumping in!
> PLIP #216: Template overrides
> -4 - never submitted
> (Raphael notes: not sure we are on trac here as all
> this is about is to include the z3c.jbot package from
> OTOH people who want that can just do it)
well, i guess first of all the fact that no bundle was officially
submitted means that the code hasn't been reviewed either. so i don't
think we can include it into the distribution just like that.
however, that's "just" a policy issue, not a technical one. on the
technical side, however, i think we shouldn't just include more and
more ways of customizing plone. people, i.e. developers and
integrators, are already confused more than they should be. so what
we really should do is think about better ways to integrate something
like jbot with customerize and the old customization story to make the
whole customization story more consistent. so imo this could very
well go into 3.2, but more as some part of a bigger effort in that area.
in short: i like the idea, but i'm -1 on including this _now_.
> PLIP #224: CSRF protection framework
> +2 - but either before or after merge efforts should be
> made to make use of those two new packages in
> the most important security related forms in Plone.
> AFAICS Andi is working on this currently but he sure
> would appreciate some help I guess.
yes, i am and of course help is much appreciated. however, i think
there's actually not to much left to do code-wise, but having someone
review the changes to make sure we're still on the right track and not
forgetting any or even introducing new security-issues would be a good
thing, imho. so please let me know if you're interested!
zeidler it consulting - http://zitc.de/ - info at zitc.de
friedelstraße 31 - 12047 berlin - telefon +49 30 25563779
pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/
plone 3.0.6 released! -- http://plone.org/products/plone
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 186 bytes
Desc: This is a digitally signed message part
More information about the Framework-Team