Bug#753404: zope.security: Port python-zope.security-untrustedpython from Ubuntu

Barry Warsaw barry at debian.org
Tue Jul 1 18:32:14 UTC 2014


Hi Gedminias!

As a side note, have you seen the discussion about folding the Debian Zope
team into the Debian Python team?  Would you have any objection to that?

On Jul 01, 2014, at 07:49 PM, Gediminas Paulauskas wrote:

>I've merged zope.security to Ubuntu a few times, keeping the delta.
>
>The code requiring RestrictedPython was extracted to a separate package.
>
>Newer zope.pagetemplate lists this as an optional dependency and only on
>python 2.
>
>4.0.2 (2013-02-22)
>------------------
>
>- Migrated from ``zope.security.untrustedpython`` to
>``zope.untrustedpython``.
>
>- Made ``zope.untrustedpython`` an extra dependency.  Without it, python
>  expressions are not protected, even though path expressions are still
>  security wrapped.
>
>
>zope.browserpage 4.1.0a1 is updated for this split and requires plain
>zope.security
>zope.ptresource 4.0.0a1 too.

I don't see these versions in Ubuntu:

% rmadison zope.pagetemplate | grep utopic
 zope.pagetemplate | 4.0.1-0ubuntu1            | utopic/universe  | source

% rmadison zope.browserpage | grep utopic
 zope.browserpage | 4.0.0-0ubuntu1  | utopic/universe  | source

As much as possible, I'd love to keep the Debian and Ubuntu packages the
same.  If there are some that are available only in Ubuntu, to the extent that
we can keep those deltas in separate source packages, that would be great,
since it means we can let autosync just work, and Ubuntu won't fall too far
behind Debian, or get too far ahead.

>zope.app.pagetemplate needs a similar change to dependencies upstream.
>
>I will deal with this in Ubuntu and upstream if necessary.  To keep the same
>functionality, a new source package zope.untrustedpython should be added to
>Ubuntu. But can live without it.

That seems best.  Especially as I'm adding Python 3 support to the Debian
packages, it's a huge complicated stack to keep in sync, so the fewer deltas
we have to carry, the less technical debt we build up in both distros.

Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20140701/a95f6e2b/attachment-0001.sig>


More information about the pkg-zope-developers mailing list