[Framework-Team] The final(?) verdict

Andreas Zeidler az at zitc.de
Wed Feb 20 15:22:26 UTC 2008

On Feb 20, 2008, at 4:24 AM, Raphael Ritz wrote:
> Hi Folks,

hi raphael,

> at Wichert's request and in order to update us all
> I've just compiled the following overview.

nice job — thanks again for jumping in!

> PLIP #216: Template overrides
> http://plone.org/products/plone/roadmap/216
> https://dev.plone.org/plone/ticket/7750
> -4 - never submitted
> (Raphael notes: not sure we are on trac here as all
> this is about is to include the z3c.jbot package from
> http://svn.zope.de/zope.org/z3c.jbot
> OTOH people who want that can just do it)

well, i guess first of all the fact that no bundle was officially  
submitted means that the code hasn't been reviewed either.  so i don't  
think we can include it into the distribution just like that.   
however, that's "just" a policy issue, not a technical one.  on the  
technical side, however, i think we shouldn't just include more and  
more ways of customizing plone.  people, i.e. developers and  
integrators, are already confused more than they should be.  so what  
we really should do is think about better ways to integrate something  
like jbot with customerize and the old customization story to make the  
whole customization story more consistent.  so imo this could very  
well go into 3.2, but more as some part of a bigger effort in that area.

in short:  i like the idea, but i'm -1 on including this _now_.

> PLIP #224: CSRF protection framework
> http://plone.org/products/plone/roadmap/224
> https://dev.plone.org/plone/ticket/7783
> +2 - but either before or after merge efforts should be
>    made to make use of those two new packages in
>    the most important security related forms in Plone.
>    AFAICS Andi is working on this currently but he sure
>    would appreciate some help I guess.

yes, i am and of course help is much appreciated.  however, i think  
there's actually not to much left to do code-wise, but having someone  
review the changes to make sure we're still on the right track and not  
forgetting any or even introducing new security-issues would be a good  
thing, imho.  so please let me know if you're interested!



zeidler it consulting - http://zitc.de/ - info at zitc.de
friedelstraße 31 - 12047 berlin - telefon +49 30 25563779
pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/
plone 3.0.6 released! -- http://plone.org/products/plone

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.plone.org/pipermail/plone-framework-team/attachments/20080220/50cda552/attachment.sig>

More information about the Framework-Team mailing list