[Framework-Team] [Plone-developers] Plone framework team meeting minutes, May 8

Tue May 8 23:36:02 UTC 2012

On 5/8/12 3:34 PM, Dylan Jay wrote:
> Hi,
>
> I noticed https://dev.plone.org/ticket/10959 has now been dropped from
> your list. It's implemented but I need to know if its worth the effort
> in finishing the last remaining test failures. I've asked advice on if
> the FWT wants the implementation or not (see last comment 9 days ago).
> Is this the advice?
> BTW This PLIP has been open almost 2 years. I'd like see some kind of
> resolution to password validation in plone.
>
>
Hey Dylan. I'm sorry we've been dropping the ball on your PLIP since 
Ross stepped down from being its champion. (In the case of today's 
meeting, we accidentally overlooked a section of our spreadsheet which 
included this PLIP.)

I just familiarized myself with the code, past reviews and conversation, 
and my personal feeling is that this is a good change and while there 
are reasonable concerns raised in the reviews, we shouldn't let the 
perfect be the enemy of the good.

To touch on some of the specific items that were outstanding in the reviews:
* Yiorgis raised the issue of the initial generated password not 
necessarily being compliant with the validation, but you pointed out 
that this is not a problem because the user never sees the initial 
password. That makes sense to me, so I think this concern is resolved.
* Yiorgis and Ross both raised concerns about whether the PAS API should 
be extended (to support limits on password age, say, or to support 
providing more specific help text for the password field on a 
registration form). I agree these are ideas worth considering, but they 
are outside the scope of this PLIP (which is just a tiny change in Plone 
to make use of the existing PAS API), orthogonal to it, and should not 
be blockers.
* Ross said he hadn't tested to make sure the validation is applied 
during the password reset process. Can you or someone else please verify 
that this works?
* Ross mentioned a test failure in CMFPlone (testGeneratePassword). This 
looks trivial to fix if it hasn't been already so we can handle it 
during merge.
* Vincent brought up an i18n concern at 
https://github.com/plone/plone.app.users/pull/2/files#L1R250 which looks 
valid to me. Can you fix that?
* I think you still need to add an upgrade step to plone.app.upgrade to 
install the plugin for upgraded sites.

Any opinions from the rest of you FWT folks?  This seems like too much 
of an easy win to me to let it drag out longer.
David

----------		
David Glick
 Web Developer
 davidglick at groundwire.org
 206.286.1235x32

Are you engaging? Find out! Use our free engagement benchmarking tool.

http://groundwire.org/labs/engagement-strategy/diy-benchmarking-survey