IRC log of #zope3-dev for Friday, 2005-07-29

*** horizon5 has quit IRC00:29
*** alienoid has quit IRC00:34
*** MrTopf has quit IRC00:35
*** anguenot has joined #zope3-dev00:38
*** niemeyer has quit IRC00:44
*** |jbb| has quit IRC00:54
*** fdrake has quit IRC00:56
*** RaFromBRC has joined #zope3-dev01:35
*** tvon|x31 has quit IRC01:44
*** bskahan has joined #zope3-dev01:46
*** MiUlEr has quit IRC01:47
*** benji_york has quit IRC01:51
*** d2m has quit IRC02:29
*** cwells is now known as BLACK_SKULL02:42
*** SureshZ has quit IRC02:47
*** SureshZ has joined #zope3-dev02:48
*** yota has quit IRC02:57
*** srichter has joined #zope3-dev03:21
*** BLACK_SKULL is now known as cwells03:21
*** ChanServ sets mode: +o srichter03:21
*** __gotcha_ has joined #zope3-dev03:21
*** SureshZ has quit IRC03:29
*** SureshZ has joined #zope3-dev03:30
*** __gotcha has quit IRC03:38
*** SureshZ has quit IRC03:41
*** SureshZ has joined #zope3-dev03:41
*** SureshZ has quit IRC03:43
*** SureshZ has joined #zope3-dev04:00
*** bskahan has quit IRC04:07
*** projekt01 has quit IRC04:13
*** povbot` has joined #zope3-dev05:54
*** douglasc has joined #zope3-dev06:06
*** povbot has quit IRC06:10
*** Aiste has quit IRC06:12
*** RaFromBRC has quit IRC06:18
*** bskahan has joined #zope3-dev06:48
*** SureshZ has quit IRC07:18
*** SureshZ has joined #zope3-dev07:18
*** SureshZ has quit IRC07:51
*** SureshZ has joined #zope3-dev07:51
*** douglasc has quit IRC08:04
*** zagy has joined #zope3-dev08:28
*** zagy has quit IRC08:34
*** zagy has joined #zope3-dev08:36
*** zagy has quit IRC08:38
*** zagy has joined #zope3-dev08:38
*** bskahan has quit IRC08:45
*** vitaly has quit IRC08:55
*** d2m has joined #zope3-dev09:03
*** hdima has joined #zope3-dev09:27
*** cwells is now known as BLACK_SKULL09:33
*** bskahan has joined #zope3-dev09:33
*** BLACK_SKULL is now known as cwells09:35
*** yota has joined #zope3-dev09:51
*** SureshZ has quit IRC09:51
*** SureshZ has joined #zope3-dev09:52
*** bskahan has quit IRC10:02
*** SureshZ has quit IRC10:13
*** bskahan has joined #zope3-dev10:13
*** sashav has joined #zope3-dev10:45
*** bskahan has quit IRC10:55
*** __gotcha_ is now known as __gotcha11:19
*** MrTopf has joined #zope3-dev11:31
* wiggy pets amazon11:41
wiggyordered the zope3 book on tuesday and got it today11:41
bob2stephen's or phillipp's?11:43
*** lunatik has joined #zope3-dev11:47
*** projekt01 has joined #zope3-dev11:51
*** The|uni has joined #zope3-dev12:05
sashavwiggy, from where?12:06
sashavwhich amazon?12:06
sashavit was much cheaper then amazon.de12:08
*** TheOnly has joined #zope3-dev12:09
*** JZ has joined #zope3-dev12:26
*** tarek has joined #zope3-dev12:27
bob2so, I have some tests12:36
bob2when unit testing, it'd be good to not send mail out12:36
bob2I guess I should be using an adapter or utility, and override it in the test harness12:37
*** anguenot has quit IRC12:48
*** lunatik has left #zope3-dev12:48
*** JZ has quit IRC12:51
srichterbob2: use a dummy utility during testing13:06
srichternote that there is a mailer utility coming with Zope 3; in it's test it uses a dummy utility13:06
srichtergood morning to everyone; it's bug day!13:08
srichter(as it turns out my morning is incredible busy today ;-(, but I will be here in the afternoon chopping away bugs left and right ;-)13:09
projekt01srichter, hi tell me if you are back13:10
* wiggy fetches a zope3 trunk co13:22
*** wiggy has quit IRC13:36
*** MJ has joined #zope3-dev13:52
*** anguenot has joined #zope3-dev13:52
*** sashav has quit IRC13:58
*** sashav_ has joined #zope3-dev14:04
*** mgedmin has joined #zope3-dev14:21
*** zagy has left #zope3-dev14:25
*** zagy has joined #zope3-dev14:25
*** lunati1 has joined #zope3-dev14:34
*** MrTopf has quit IRC14:49
*** alga has joined #zope3-dev14:53
*** lunati1 is now known as lunatik15:05
*** lunatik has left #zope3-dev15:05
anguenothi everybody15:28
anguenotchecking the #30715:28
anguenotJust don't get how it's possible to register something that doesn't exist15:28
anguenottemplate or class15:28
anguenotsince you get ZopeXMLConfigurationError  exceptions in this case15:29
anguenotAm I missing something in here ?15:29
srichteranguenot: I think the addMenuItem does not check (can it?) whether a given view exists for a particular object; but I don't know why it has the effect it does15:34
srichterI guess the simplest would be to try it out and create an addMenuItem that refers to an incorrect view name15:35
anguenotok giving a try15:37
*** jwtest is now known as genconc15:38
anguenotsrichter:You can specify a non existing view within the addMenuItem directive15:42
anguenotbut you can"t specify a non existing class15:43
anguenotso can we just test the existence of the view within and raise an exception if not found ?15:54
anguenotso can we just test the existence of the view within and raise an exception if not found ?15:55
algasrichter: could you please point me to some low-hanging-fruit issue I could tackle?16:07
*** efge has joined #zope3-dev16:08
*** benji_york has joined #zope3-dev16:12
*** juka has joined #zope3-dev16:16
algasrichter: I'm looking at #344.  It seems it is not relevant any more as you don't have to enter the interface when registering a component.16:22
*** MrTopf has joined #zope3-dev16:27
*** garrett-smith has joined #zope3-dev16:33
*** fdrake has joined #zope3-dev16:42
*** juka has left #zope3-dev16:47
garrett-smithsrichter: ping16:49
*** roym has joined #zope3-dev16:50
garrett-smithsrichter: when you get a chance, could you look at
garrett-smithhmmm...never mind, looks like alga weighed in as I was posting here :-)16:51
*** sashav_ has quit IRC16:52
roymI would like to ask some advice of this group: I am trying to learn17:00
roymZope3 and have been reading the 2 books published; I have written a17:00
roymreasonable sized product in Zope2 - yet I find the going hard.  As a17:00
roymlearning tool, is is better to play with Five or work directly w/Z3.17:00
roymWhat are your experiences?17:00
J1mI would work w z3.17:00
J1mI would also read through the tutorial, skipping the testing material on the first read.17:00
garrett-smithStephans book is a good place to start as well17:01
roymyes - I have the books, and they are well written - I think the conceptual parts that17:01
garrett-smithI haven't looked at Philipps closely, but it also looks very good17:02
roymcome w/experience are harder (zen!)17:02
J1mI think the tutorial will help you get started quicker.  The books can then build on that.17:02
garrett-smithJim, I'm going to add a UI for the PAU prefix17:03
roymWould reading the interfaces first  help navigate, or is it likely to overwhelm?17:03
garrett-smithis the principal search issue still lurking?17:03
J1mcool wrt prefix.17:03
anguenotCan we discuss the #307 at some point ?17:04
J1mnot sure what issue you are refering to.17:04
garrett-smithFrom your bug report:17:04
garrett-smithThis bug is not very effective because the UI for adding a pluggable authentication utility doesn't let you specify a prefix for the utility itself. If you create one programmatically, you will find that searching for principals will be broken.17:04
garrett-smithThere were many other places where having a prefix on the auth utility didn't work, which I have fixed.17:04
garrett-smithit's not clear what broken and what's fixed17:05
J1moh yeah17:05
J1mI'm on the phone at the moment17:05
garrett-smithnp -- ping me when you get a minute17:05
garrett-smithroym: what pain points have you run into specifically?17:06
fdrakebenji_york: has a new name for the mechtest stuff been determined yet/17:07
J1mgarrett-smith, are you refering to a collector issue #?17:12
benji_yorkfdrake, yep it's going to be testbrowser17:13
J1mThis is still a mess17:13
J1mA rather big mess17:13
fdrakezope.testbrowser, right/17:13
benji_yorkfdrake: I'm moving it to zope.testbrowser right now17:13
J1mI should have updated the collector issue when I last looked at this. :(17:13
J1mGive me a few minutes to try to refresh my memory.17:13
benji_yorkwhy do you ask?17:14
fdrakeok, cool; i just wanted the target name to refer to in a comment in the formparser package17:14
benji_yorkahh, ok17:14
fdrakeargh!  zope.testing has been separated; gotta get another checkout17:17
benji_yorkwhat do you mean "separated"?17:17
fdrakeit's linked via an external17:17
benji_yorkare you working in a buildout?17:17
fdrakea zope 3 checkout17:17
*** mkerrin has joined #zope3-dev17:17
benji_yorkoh, testbrowser is on a branch (but there it is
benji_yorkI'm working on moving it17:18
fdrakeformparser is a separate project now17:18
benji_yorkoh, also the form story has evolved lately, I'm not sure how formparser is going to fit into testbrowser17:19
fdrakeit doesn't have to; formparser is still useful to just get a few things from a form17:19
algaJ1m: does it make sense to use Field() in a schema?  I'm looking at
J1msure, why not?17:22
algawhat's the sense of it?  Field() is an abstract thing17:23
algahow is it different from Attribute() then?17:23
algaor Object()?17:23
J1mIt lets you specify contraints.17:23
J1mIt lets you say other things that Attribute doesn't.17:24
J1m(e.g. required)17:24
benji_yorkfdrake: right, I was just stating that I think it might be useful to integrate it with testbrowser somehow, but I haven't figured that out yet17:25
algabut then a schema with such fields will not be renderable by the various ZCML-defined views17:25
algaunless you explicitly list fields and skip the Field() one17:25
J1mgarrett-smith, I think there are a number of apis that don't quite handle pau prefixes correctly.17:25
J1mWe do need to fix this.17:25
fdrakewe'd talked about using something like the formparser API for browser controls with getControl()17:26
J1malga, 1: forms are not the only reason to use schemas17:26
benji_yorkfrdake, yep17:26
J1malga, 2: custom widgets can be used to provide form-based UIs to plain fields.17:26
fdrakei noticed you'd done some work on testbrowser for controls since we talked about that, presumably because i didn't have time to implement something quickly enough  :-)17:26
algaJ1m: thanks17:26
fdrakehaven't had time to look at what you did yet17:27
J1malga, if you have a question about why I used Filed in a particular case, I'd be pahhy to share my thoughts.17:27
fdrakeis anyone looking at #39717:27
J1mgarrett-smith, I don't remember the details.  I'd say the first step is to update the tests to uses paus with prefixes and see what breaks.17:27
*** GaryPoster has joined #zope3-dev17:27
mgedminI think alga is17:28
J1mI would do this bt making the default prefix non blank.17:28
J1mI'll try that ...17:28
*** GaryPoster has quit IRC17:28
mgedminthat's why all the questions about Fields in schemas that break autogenerated forms17:28
fdrakethe complaint is that shemadisplay includes fields with python names like __[a-zA-z0-9_]*__17:28
*** GaryPoster has joined #zope3-dev17:28
J1mIs anyone working on 302?17:29
fdrakedoes it make sense to filter those by default, or make everyone use fields='...'17:29
J1mI have a suggestion to keep this channel sane.17:29
J1mI sugest that when people want to discuss a particular issue, they create a separate channel.17:30
garrett-smithJ1m - I wonder if starting with some typical use scenarios with ftests would be the fastest way to flush out the issues17:30
J1mgarrett-smith, I just created #zope3-dev-414 :)17:30
* mgedmin wants a bug to try to fix17:31
J1mmgedmin, 302?17:31
anguenot#zope3-dev-307 created17:31
mgedmin#zope3-dev-302 created17:32
J1mfreake, can we borrow you on #zope3-dev-302?17:34
J1mfdrake, can we borrow you on #zope3-dev-302?17:34
algaHow do I go about bugs I think have to be closed?17:35
GaryPosterfdrake, do you want to chat about 397 someplace?17:37
GaryPoster(my first inclination is that the 'fields' attribute, identified as the workaround, is in fact the correct usage, and that this should be closed as a WontFix or something)17:38
algaWe could also display the __parent__17:41
*** hdima has quit IRC17:41
anguenotI might take some help for the #307 guys17:41
fdrakeGaryPoster, zope3-dev-39717:42
*** SteveA has joined #zope3-dev17:48
J1mThe|uni, ayt?17:51
The|uninot for long17:52
J1mmgedmin, is going to work on 302.17:53
*** alga has quit IRC18:01
*** bskahan has joined #zope3-dev18:01
*** alga has joined #zope3-dev18:02
*** J1m is now known as J1m|bbl18:02
algawhoops. hit ctrl-alt-backspace accidentally18:02
*** wiggy has joined #zope3-dev18:04
benji_yorkI propose we declare 316 as not blocking 3.1; it isn't a problem on non-cygwin systems and there has been no confirmation that it *is* a problem on cygwin18:05
*** BjornT has joined #zope3-dev18:06
benji_yorkI'm looking at 29618:08
anguenotI started already this one18:08
anguenotJust need to check non Text fields widgets now18:08
*** tvon has joined #zope3-dev18:11
benji_yorkoh, ok18:12
anguenotbu you may want to check the other ones18:12
benji_yorkthe other interfaces?18:12
anguenotthe other fields I think18:12
anguenotand their corresponding diaply display widgets18:13
anguenotmost of them do have tests18:13
anguenotI did'n't review all of them18:13
*** bskahan has quit IRC18:15
*** bskahan has joined #zope3-dev18:17
*** bskahan has quit IRC18:22
*** stub has joined #zope3-dev18:25
*** SureshZ has joined #zope3-dev18:25
*** suresh has joined #zope3-dev18:31
*** MrTopf has quit IRC18:32
*** J1m|bbl is now known as J1m18:34
algacould someone suggest something to work on?18:35
*** SureshZ has quit IRC18:39
*** SureshZ has joined #zope3-dev18:43
J1mI suggest that 296 is a nice to have, not critical18:44
benji_yorkok, I'm going to move 316 to the TODOLATER.txt and change it from urgent to something less ( :) )18:45
J1malga, do you know to look at TODO.txt?18:46
algayes, I have even removed one issue that was fixed a month ago18:47
*** jbb666 has joined #zope3-dev18:49
jbb666hola... how goes the bug day ;)18:50
*** suresh has quit IRC18:50
J1mfdrake, can we borrow you at zope3-dev-307?18:51
benji_yorkjbb666, pretty good, if you want to work on one check out the transcripts, some people are cooperating in bug-specific channels18:52
*** Aiste_ has quit IRC18:54
*** Aiste has joined #zope3-dev18:55
algaWhat about 381?  Advising the user to update their securitypolicy.zcml18:57
GaryPosterIf anyone is interested, I'm hanging out on #zope3-dev-372 and I'm going to try to tackle some or all of 372.18:57
algawe could check that the config is sane on the startup, and complain if it is not18:58
algait would complain to the people like Steve, who use their own security policy18:59
algawould it be acceptable?18:59
*** mp has quit IRC19:03
*** suresh has joined #zope3-dev19:03
GaryPosterOK, alga and srichter are ok with the duck typing in the MissingInputError, at least for now, so I'm moving it to TODOLATER.19:06
GaryPoster(sorry that was about
*** mp has joined #zope3-dev19:07
*** MJ has quit IRC19:07
*** tvon has quit IRC19:07
* mgedmin created #zope3-dev-327 because that issue is somewhat related to 30219:11
*** SureshZ has quit IRC19:12
* alga created #zope3-dev-38119:16
*** suresh has left #zope3-dev19:17
*** SureshZ has joined #zope3-dev19:18
benji_yorkI'm pushing 296 to TODOLATER because the remaining widgets are really missing features, not bugs19:19
benji_yorkafk - lunch19:24
*** J1m is now known as J1m|lunch19:28
*** mgedmin is now known as mg|lunch19:42
*** mg|lunch has quit IRC19:45
*** alga has quit IRC19:45
fdrakeGaryPoster, on #397, do we still want to rename the fields to fieldName and fieldCallable, for style guide compliance?19:50
*** projekt01 has quit IRC19:56
*** bradb has joined #zope3-dev19:58
*** J1m|lunch is now known as J1m20:04
GaryPosterfdrake: as far as I am concerned, yes.  That will be for the 3.2 effort though, I think.20:09
fdrakeisn't that too late?  were the field_* names released in 3.0?  (i'll go check...)20:10
*** SureshZ has quit IRC20:11
*** SureshZ has joined #zope3-dev20:12
J1mI'll take 38420:13
fdrakeah, i see; they're not in the interface at all now; it can wait20:14
fdrakei just didn't want the interface to be silly20:14
fdrakeok, i guess i'd better get some lunch now too20:15
benji_yorkI'm working on evaluating XXXs20:17
GaryPosterfdrake: cool, right, I wanted to expose them as something in the interface, and when we do that we should use the proper naming convention20:18
GaryPosterI'm doing XXXs in
GaryPostersrichter AYT?20:26
anguenotwhat's the best way to get Views registred for a given interface ?20:31
J1mIt depends on the view.20:31
J1mIncreasingly, I use the adapter directive.20:32
anguenotI want all possibliy registred views for a given interface20:32
J1mwell, that's asking a lot. :)20:32
J1mThere's no api for that.20:32
anguenotThe only piece of code doing this curently is
anguenotis it the way ?20:33
J1mIf you want all of the named views that can be found for an interface, then there *is* an api for that.20:33
anguenotcool which one ?20:33
*** SureshZ has quit IRC20:33
*** SureshZ has joined #zope3-dev20:34
J1msee zope.component.interfaces.IComponentArchitecture20:35
anguenotit takes objects as argument ?20:35
J1mah, right20:36
anguenotI can understand that by principle the getAdapterXXX() methods should be used but this is extremly confusing...20:36
* J1m wonders why anguenot is asking this20:37
anguenotI mean we should provide at least a getViews (as in the early days) that would call a getAdapterXXX() just to make it clearer20:37
anguenotIt's my impression at this stage20:37
J1mI don't agree20:38
J1mFirst, normal code should not be doing this sort of thing.20:38
J1mOnly meta code20:38
J1mNo need to make things more magic/convenient for meta code.20:38
J1mWhat are you doing?20:39
anguenotok forget about this one Jim. We'll discuss this a little bit later20:39
anguenotjuste my api :)20:39
anguenotwhat should I use to get views registred for a given interface ?  :)20:39
J1mYou can do site.adapters.lookupAll(required, provides) to get all of the factories that would be used to adapt required to provided.20:40
J1mwhy do you want that?20:40
anguenotfor the #30720:40
J1mwhy do you need that for 307?20:40
J1mYou don't need all of the views.20:40
anguenotbecause I need to check that the view provided within the directive 1) exists and 2) is registred on my class20:41
J1mYou just need to know if there is a view of a particular type and name.20:41
J1mRight, you need a specific view.20:41
J1mNo need to get all views.20:41
anguenotwas looking for a way to be sure I won't miss any20:42
J1mYou need to get the global site manager and get it's 'adapters' attribute.20:42
anguenotright as in then ?20:42
J1myou don't have to work that hard.20:43
J1monce to have the global site adapters method, call the lookup method on it.20:43
J1mThe lookup method is defined in zope.interface.interfaces.IAdapterRegistry.20:43
anguenotok checking this. Thanks20:44
J1mThat will tell you if a factory is registered.20:44
J1mYou won't be able to tell if the factory returns None.20:44
J1mBut if you check that a factory is registered, I think that is good enough.20:44
*** mgedmin has joined #zope3-dev20:44
*** alga has joined #zope3-dev20:45
* genconc is away: gone home20:54
GaryPostergarrett-smith or anyone else who cares: trying to remove XXX comments in  The directives used to allow 'menu' but did nothing with it as far as I can tell.  I'm about to rip menu out, therefore, including the tests for it.  Ring bells with anyone?21:00
*** efge has quit IRC21:02
GaryPosterAh, I was looking in the wrong place.  Looks like it does something after all.21:04
GaryPoster(Just has a dead chicken in the various factory arguments)21:04
*** roym has quit IRC21:06
mgedminthose huge functional doctest diffs are a pain21:08
* J1m loves mech tests.21:08
GaryPosterIf you're looking for sympathy, mgedmin, you got it. ;-)21:09
J1mBTW, we've decided to say "mech tests" when talking about functional tests using testbrowser :)21:09
J1mBut never in writing :)21:10
benji_yorkhmm, I think you just did21:10
J1mirc doesn't count as writing21:10
benji_yorkI *really* wish we had a better name :(21:10
algaJ1m, what do you think about #381? I posted a suggestion, don't know whether I should implement it21:11
*** MrTopf has joined #zope3-dev21:11
SteveA"browser tests" ?21:11
SteveAin launchpad, we call "call http() and look at the result" tests "page tests"21:12
J1malga, where did you post a suggestion21:12
benji_yorkSteveA, I don't think so, because they don't test the browser, that's what Selenium does21:12
* benji_york invites everyone to play21:14
algayalp ot enoyreve setivni kroy_ijneb *21:14
mgedminhe7d of auohja^a saf!^u! >|joh_!fuaq *21:15
benji_yorkme thinks mgedmin doesn't get it  :)21:16
GaryPosteror likes encryption21:16
algaflip the screen upside down :-)21:16
GaryPosteroh, very nice!!21:16
benji_yorkI just committed the removal of 73 XXXs, the others are being worked on by other people21:17
benji_yorkmgedmin, I intuit that you spend a great deal of time in IRC21:17
J1malga, I think your solution to 381 looks good.21:17
algaok, so I'm going to implement it21:18
*** swampmonkey has joined #zope3-dev21:18
benji_yorkIf anyone takes issue with the XXX removals let me know21:18
mgedminbenji_york, apt-get install filters, if you have Debian21:18
*** mkerrin has quit IRC21:18
J1malga, cool21:18
bob2how many are left?21:18
algashould I add to bootStrapSubscriber or create a new one?21:19
J1mcreate a new one21:19
*** stub has quit IRC21:35
*** bradb has quit IRC21:35
*** SteveA has quit IRC21:35
*** BjornT has quit IRC21:35
*** stub has joined #zope3-dev21:35
*** SteveA has joined #zope3-dev21:42
*** RaFromBRC has joined #zope3-dev21:44
*** The|uni has quit IRC21:46
*** anguenot has quit IRC21:55
*** zagy has quit IRC22:03
mgedminZope 3 misspells "occurred" as "occured" in a few places22:13
J1mFeel free to fix my typos. :/22:17
J1manybody here responsible for
mgedminI think I touched some bits in there, a long time ago22:19
J1mIt is invoking the shell, via popen, with data potentially entered from the web.22:20
mgedminyes :(22:20
J1mThis is a serious security hole.22:20
mgedminI think I filed an issue to the collector regarding that22:20
J1mOK, we are looking at it.22:20
mgedminand I checked the security checkbox, maybe that's why it's not visible22:20
J1mbenji_york, says svn blames alga for that code. :)22:21
mgedminoh, good :)22:21
mgedminpython2.4's subprocess module would come in handy there22:21
J1mwe need to fix this or not include it in 3.1.22:21
J1mpopen has an option to pass a sequence rather than a string to popen.22:22
mgedminin 2.3? really?22:22
J1mI'm having trouble finding the documentation for that.22:22
J1mnot sure22:22
benji_yorkI would remove it, or not provide a default command, so the user would have to decide how to handle it themselves22:22
J1mMaybe that's why I can't find the documentation.22:22
mgedmin<smptMailer> that goes to localhost:25 is sufficient for most Unix installations22:22
mgedminI do not think Windows machines have /usr/bin/sendmail either22:23
mgedminIIRC only MacOS X doesn't listen on localhost:25, but has /usr/bin/sendmail22:23
mgedminpydoc popen222:24
mgedmin"The parameter 'cmd' is the shell command to execute in a22:24
mgedmin     |      sub-process.  On UNIX, 'cmd' may be a sequence, in which case arguments22:24
mgedmin     |      will be passed directly to the program without shell intervention (as22:24
mgedmin     |      with os.spawnv())"22:24
mgedminthe fix should be simple22:24
J1mon unix22:25
mgedmininstead of pipe = os.popen(...) we can do child_stdout, pipe = popen2.popen2(); child_stdout.close()22:25
mgedminon Windows people can use <smtpMailer>22:25
benji_yorkwell, it would be simple if we could reliably split the words the same way the shell would22:25
algaon windows there is no command sendmail22:25
mgedminI do not think you can send emails by piping them to some standard system process22:25
mgedminbenji_york, which shell?22:25
J1mmgedmin, are you talking about windows?22:26
benji_yorkthe object's constructor takes a string command, we would have to split it into a sequence, for popen.  There are notorious complications doing that22:27
* mgedmin remembers that on Windows the implementation of execv(array_of_arguments) did the equivalent of system(" ".join(array_of_arguments)) and broke everything22:27
* mgedmin pauses22:27
mgedminforget Windows oddities22:27
mgedminbenji_york, you noticed a problem that I didn't think about22:27
mgedminpopen2.popen2(cmd.split() + [unsafe_email_typed_by_a_user]) is still much better than the current security hole22:28
J1mI suggest we should just disable the sendmail mailer on windows.22:28
benji_yorkI say we either remove SendmailMailer all-together, or remove the default command, so a potential user would have to decide for themselves what to do22:28
srichterhi, I am finally back22:28
mgedminI have no objections to removing SendmailMailer.22:29
SteveAremove it22:29
algabut but22:29
*** tvon has joined #zope3-dev22:29
algait is a standard way of sending mail on unix22:29
benji_yorkSteveA, bless you22:29
J1moh, god bless you22:30
SteveAyou aren't gonna need its security holes22:30
SteveAalga: make it an add-on package22:30
algaI thought theere was an insult on the end22:31
SteveAalga: with your name on it, if you're going to maintain it22:31
algawhich is appropriate I must admit22:31
AisteSteveA: you are kindly invited to reconfigure my instance of Ivija then :)22:31
Aisteit uses sendmail22:31
J1mAiste, you can use the smtp mailer with sendmail.22:31
benji_yorkAiste, do you pass tainted addresses in?22:31
mgedminAiste, you use an old Zope 3 snapshot, which will contain sendmailMailer forever22:32
Aiste:) it's on my local machine and not accesible from the outside :)22:32
SteveAAiste: either use alga's add-on package, or, make the smtp mailer know about authenticated smtp, and use your usual external authenticated smtp server22:32
SteveAyou hope22:32
AisteI know22:32
SteveAsecurity is hard.  we should err on the side of less functionality and more security.22:32
J1mI assume this wasn't in 3.0.22:33
SteveAespecially where the functionality is equivalent22:33
* mgedmin gets another unobvious mongo diff from a fdoctest...22:33
benji_yorkI don't think it was in 3.022:33
SteveAmgedmin: i have permission to contribute my differ thing.  i now just need to do the paperwork22:34
SteveAmgedmin: i have broad permission to contribute infrastructure back to zope322:34
SteveAmgedmin: print me out a committer's agreement, and i'll sign it when i'm back in vilnius.22:34
J1mBTW, someone could write a secure thing that uses exec on windows.22:34
mgedminSteveA, any chance of getting a preview before the paperwork is ready?22:35
SteveAmgedmin: i think you still have access to RF22:35
J1mOK, so for now we'll remove the sendmail mailer.22:35
GaryPosterYeah, that would be cool to know about22:35
benji_yorkvery cool, SteveA22:35
GaryPosterI don't even know what RF is :-)22:36
* mgedmin neither22:36
mgedminoh, rocket fuel22:36
GaryPosterhe he'22:36
benji_yorkI'm removing SendmailMailer22:36
SteveAmgedmin: i have some ideas to improve the diff / output side of doctest.  we can talk about it in a week or so.  i'd welcome your opinions.22:36
* mgedmin nods22:36
SteveArocketfuel is the bazaar archive where the canonical Canonical internal development project code lives22:37
J1mSteveA, you should include tim22:37
GaryPosterSteveA: ah, cool22:37
srichterany issues left for me? :-)22:40
algasendmailMailer was enabled in ZopeX3 3.0.0, along with the hole22:40
mgedminWAAAAH!!!! it was a SINGLE TRAILING SPACE CHARACTER in the request form data22:40
mgedminand fuzz22:41
GaryPosterlol.  yeah, that still needs some improvements.22:41
benji_yorkalga, I say we fix the bug my removing it  :)22:42
algaok, if you say so...22:42
mgedmin(no it wasn't, it was something else)22:43
srichterdamn, the TODO.txt looks great! :-)22:44
srichterJim, what do you want to do about #384?22:50
srichterI am not sure how to address part 1 with a descriptor trick, but I agree that we should deprecate the permission argument in the utility directive22:51
J1mI'm working on it22:52
srichterah, ok22:52
J1mafter I figure out what to do about the huge security hole we intriduced in 3.0.22:52
J1mafter I figure out what to do about the huge security hole we introduced in 3.0.22:52
*** SureshZ has quit IRC22:52
*** SureshZ has joined #zope3-dev22:53
*** BjornT has joined #zope3-dev22:54
J1mshame on me for not noticing mgedmin's bug report22:54
srichterbenji_york: did you remove all XXX from zope?22:56
mgedminTestRequest().locale is None22:56
mgedminwhat do I do if my method needs a date formatter?22:57
GaryPostersrichter: I'm in doing the XXXX stuff22:57
srichterGaryPoster: ok22:57
GaryPosteror XXX :-)22:57
benji_yorkI removed the ones I could figure out what do do with22:57
benji_york(and no one else was working on)22:57
srichtermgedmin: mmh, I think TestRequest should grow the root locale22:58
srichterI thought it does this already22:58
* J1m wonders how to do a hotfix for zope 3.22:58
srichtersupport *-hotfix.zcml in package-includes?22:59
srichteralga: can you not resove bugs?23:01
mgedminsrichter, it works when I use placelesssetup.setUp23:02
srichteralga: Should I close 381?23:02
srichtermgedmin: mmh, strange23:02
J1malga, how to people use the sendmail mailer?23:02
J1mDo they have to modify their zcml?23:02
mgedminJ1m, yes23:02
mgedminthey have to include a <mail:sendmailMailer name="..." /> directive, and also declare a mail delivery utility that uses that mailer23:03
J1mHere's what I propose (after running it by Brian):23:06
J1m- remove the sendmail mailer (from the trunk and the 3.0 branch).23:06
J1m- Send a note to the dev, users, and announce list letting people know about this problem and that, if by any chance, someone is using this, they should not use it if addresses are types by end users and that we will be removing this feature,23:07
J1m'any objections?23:07
srichtergarrett-smith: did you work on 414 today?23:12
*** anguenot has joined #zope3-dev23:12
srichtergarrett-smith: can that be closed?23:12
srichteranguenot: hi; did you finish 307? I saw you added an XXX comment somewhere23:12
anguenotnot yet finished23:13
anguenotis it last one ?23:13
mgedmin302 is almost done, but there is one buglet remaining23:13
srichtermgedmin: great23:13
srichteranguenot: it is one of the last ones23:13
anguenotjust take  some food and I'm back in :)23:14
srichterJim signed up for 384, so that covers everything23:14
anguenotwestern europe time in here :)23:14
srichterand if Phillip and I are not getting our books' code checked in time, we can do a quick 3.1.123:14
* srichter thinks that today was very productive; we should do this more often23:15
anguenoteheh cool :)23:15
J1manguenot, wanna meet me in #zope3-dev-307?23:16
srichterwow, it deserves its own channel ;-)23:17
srichtergarrett-smith: does issue still exist?23:20
srichterif so, it is a pretty serious security bug23:20
benji_yorkI just removed SendmailMailer from the trunk and am testing the patch against the 3.0 branch23:20
benji_yorksrichter 418 says it's resolved (by hdima)23:22
benji_york(in revision 30886)23:22
srichterduh! :-)23:23
srichteranguenot: I am getting a NotFoundError deprecation warning from src/optionstorage/browser/ when running ftests23:32
anguenotsrichter: ok I'm deprecating this one. Wasn't expecting any import of zope.excecptions in here23:36
srichterok, thanks23:38
mgedmincan somebody reproduce #327?23:39
mgedminI think it was fixed a while ago23:39
srichteryeah, I am pretty sure hdima fixed that23:41
srichterit is really a duplicate of another bug23:41
srichterbut I test it; hold on ..23:41
mgedmin#302 is fixed!23:41
srichtermgedmin: please remove it from TODO.txt and add it to CHANGES.txt23:42
mgedmin(it took only 5 hours and 24 minutes... and I did everything with forms!)23:42
mgedminsrichter, ack23:42
mgedminoh, TODO.txt says that #302 ought to be backported to 3.0.x23:43
* mgedmin doesn't want to do that...23:43
srichteryeah, let philiKON and the Zope 2 team worry about this; they are more people :-)23:43
anguenotnot tests for optionstorage....23:44
anguenotI thought it was a forbidden behavior ;)23:44
srichterit is; let's blame someone! :-)23:45
mgedminCHANGES.txt says that #327 was fixed23:45
J1mWhat is optionstorage?23:45
anguenotno copyright headers neither23:45
srichtermgedmin: ok, cool23:45
anguenotJust deprecated a NotFoundError used at this level23:45
srichterJ1m: I thought optionstorage is a ZC thing?23:45
anguenotis it used anywhere ?23:46
J1mwhere is it?23:46
algasrc/zope/app/form/browser/ has no tests either23:46
algafor 3 years now or so23:46
*** Aiste has quit IRC23:47
srichtermgedmin: I can confirm the fix23:47
anguenotsrichter: you were getting the deprecation message when launching the functional tests right ?23:47
algatime to enjoy the last 10 minutes of the sysadmin appreciation day in our TZ23:49
*** bradb has joined #zope3-dev23:49
*** swampmonkey has left #zope3-dev23:51
mgedmindo I add new bug fixes at the top of the list in CHANGES.txt, or at the bottom?23:52
* mgedmin reached the hardest part of bugfixing -- bureaucracy^Wupdating the relevant txt files23:52
srichterok, I have no gone through the new bugs that I had not looked at before and I did not find any critical new ones; so once TODO.txt is empty, we are really done and I'll cut RC123:52
srichtermgedmin: I put new stuff always on the top23:53
benji_yorksrichter, after Gary gets his form XXX fixes in, garrett-smith has one that he created that he's going to look at23:54
J1msvn blames niemeyer for optionstorage23:54
srichteroh, I think I know what it is23:55
mgedmingood night everyone (it's 5 minutes to midnight here)23:55
*** mgedmin has quit IRC23:55
srichterit is a rewrite/improvement of the managable vocabularies I wrote for bugtracker23:55
GaryPoster(I keep on trying to run tests, then folks check in changes, then I have to run the tests again, then I have to endure the ridicule of my co-workers for running a slow PowerBook :-P :-) )23:56
srichtermaybe we should move that code to a sandbox?23:56
anguenotWait I'm just finishing the deprecation and the tests23:57
algathanks for the bug day!23:58
*** alga has quit IRC23:58

Generated by 2.15.1 by Marius Gedminas - find it at!